Suspected Leak of Names, Gender, Contact Information, and Dates of Birth
PIPC: "Investigation to Begin Soon"
The Personal Information Protection Commission (PIPC) will investigate another personal information leak incident that occurred after more than two years at the recruitment information service site 'Incruit,' which has over 2 million subscribers.
A PIPC official stated in a phone interview with Asia Economy on the 10th, "We received a report of a personal information leak from Incruit and plan to begin an investigation soon." The PIPC will examine the scale and circumstances of the leak, compliance with the Personal Information Protection Act, and the appropriateness of the reporting and notification procedures following the incident.
Incruit announced in an email sent to its members the previous day that it confirmed signs of personal information leakage due to an external attack. The suspected leaked personal information includes names, dates of birth, gender, and mobile phone numbers. The exact time and circumstances of the leak are being identified in cooperation with the PIPC and related agencies.
Previously, Incruit had leaked 35,076 pieces of personal information through a hacker's 'credential stuffing attack' (an attack that randomly inputs pre-obtained IDs and passwords to log in). At that time, the PIPC found that Incruit did not implement a policy to block large-scale login attempts and had lax access control measures by allowing dormant accounts to be reactivated with only an ID and password without additional authentication. Consequently, in July 2023, a fine of 70.6 million KRW and a penalty of 3.6 million KRW were imposed.
In the email, Incruit stated, "Upon discovering signs of suspected leakage, we immediately blocked the related IP, inspected and supplemented system vulnerabilities, and strengthened system monitoring." They added, "We will expand investments in personal information protection, introduce the latest technologies, and promote system advancement based on this incident."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
