National Assembly Science and ICT Committee Holds Plenary Session to Discuss LGU+ Personal Data Leak
Park Hyung-il, LGU+ Vice President, "Considering Free USIM Replacement... Expanding Spam Alert App Service"
[Asia Economy Reporter Oh Su-yeon] An opinion has been raised that LG Uplus should waive cancellation penalties for 290,000 customers affected by the personal information leak. The current measures provided by LG Uplus, such as free USIM replacement and paid spam app services, are insufficient, and the company must actively work to alleviate customer concerns.
On the 9th, the National Assembly's Science, Technology, Information and Broadcasting and Communications Committee held a plenary meeting to discuss issues including the LG Uplus personal information leak.
At the meeting, Park Hyung-il, Vice President of LG Uplus, expressed "a deep sense of responsibility" regarding the personal information leak incident and stated, "We are strengthening various internal inspections again."
In response to a question from Kim Young-sik, a member of the People Power Party, about measures for victims of the personal information leak, Vice President Park said, "We are considering free USIM replacement. We also plan to expand the paid spam alert app service to all customers."
Regarding whether compensation regulations are included in the terms and conditions, Jang Kyung-tae of the Democratic Party replied, "Since it is not in the terms and conditions, we will review it additionally."
Democratic Party member Kim Young-joo stated that customers affected by the personal information leak find it difficult to cancel contracts due to cancellation penalties and argued that since it is LG Uplus's fault, cancellation penalties should not be charged. He said, "Only 205 customers have applied for USIM replacement," and added, "The government should take this seriously and ensure that cancellation penalties for affected customers are waived." He also said, "I believe that not only LG Uplus but also the three major telecom companies should jointly improve manuals such as personal information encryption and separate storage."
There were also continuous criticisms regarding LG Uplus's insufficient proportion of dedicated information security personnel and security investment compared to competitors. Representative Jang pointed out, "LG Uplus's information security investment is 29.2 billion KRW, which is smaller compared to SKT's 62.7 billion KRW and KT's 102.1 billion KRW." According to Representative Jang, the proportion of dedicated information security personnel among LG Uplus's IT staff is 3.9%, about half compared to SKT's 7.8% and KT's 6.6%.
There was also criticism that LG Uplus's use of Huawei 5G equipment caused this personal information leak incident. Hong Seok-jun of the People Power Party said, "The Ministry of Science and ICT should conduct a full investigation of Huawei equipment and specifically look into how Huawei equipment is related to hacking."
Yoon Doo-hyun of the People Power Party urged active compensation for damages caused by DDoS attacks. He pointed out, "Compensation for damages caused by DDoS attacks is not properly stipulated in the terms and conditions. This means there is no reason to prevent DDoS attacks."
Regarding this, Park Yoon-gyu, 2nd Vice Minister of the Ministry of Science and ICT, said, "Even if time is limited, we will consider including compensation regulations in the terms of service. We will also consult with the Korea Communications Commission."
Vice President Park also said, "We are considering compensation for small business owners such as PC cafes in the form of fee reductions. For individual customers, we will investigate the overall cause and establish countermeasures."
On February 2nd last month, an unidentified hacker disclosed the personal information of 31 individuals presumed to be LG Uplus users on a dark web personal information trading site. The hacker posted and then deleted a message stating that they possessed 20 million pieces of such personal information and intended to sell it for 6 bitcoins (about 130 million KRW).
Subsequently, the Korea Internet & Security Agency requested LG Uplus to verify the authenticity of the post and confirmed that a total of 290,000 pieces of personal information were leaked. The data includes subscriber information before June 2018 and also includes information of canceled customers. Currently, forensic experts are investigating the leakage route.
Since January 29th, DDoS attacks have occurred every weekend for two weeks. Due to continuous attack attempts, there were three connection failures on January 29th and two on February 4th.
At the meeting, there was also criticism that during the Itaewon tragedy, communication in the area was paralyzed, and although the Fire Agency requested relay devices from the three telecom companies, their response was insufficient. Independent lawmaker Park Wan-joo pointed out, "At that time, communication traffic surged up to 280%. The Fire Agency requested the three telecom companies, but LG Uplus refused, KT sent a relay vehicle but did not operate it for two hours, and SKT only sent quality inspection personnel to the site and took no action." He added, "We need to review whether the three telecom companies violated the law and create a response manual."
Vice Minister Park said that KT will be fined for recently stopping the broadcast of 'Tongil TV.' KT reported the suspension of Tongil TV broadcast to the Ministry of Science and ICT on January 18th, and on the 27th, the Ministry accepted the report. According to legal regulations, the broadcast must be suspended after the Ministry's acceptance of the report, but KT violated this.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
