Personal Information Leaked from Two GAs Including Hana Financial Find and Youfirst
Additional Investigation Underway for 12 GAs
The Financial Supervisory Service (FSS) announced on May 20 that it has confirmed the leakage of personal information in over 1,100 cases related to the recent hacking incident involving corporate insurance agencies (GAs).
Last month, the National Intelligence Service first identified signs of a personal information leak at two GAs, Hana Financial Find and Youfirst. The incident began when a developer at Jinexon, an insurance sales support IT company, clicked on a malicious code link while using an overseas image sharing site. As a result, the developer's PC was infected with malware.
The developer's PC contained the web server access URLs, administrator IDs, and passwords for client GAs, which had been saved using the browser's auto-save function. Due to the malware, the web server access URLs, administrator IDs, and passwords for 14 GAs (including the two that were hacked) stored on the PC were leaked.
At GA A, the personal information of 908 individuals?including 349 customers and 559 executives and planners?was leaked. For some customers (128 individuals), the leaked data also included information that could reveal details of their insurance policies, such as the type of policy, insurance company, policy number, and premium.
At GA B, the personal information of 199 customers was leaked. However, there was no leakage of transaction information or other credit information related to the customers' insurance contracts.
According to inspections of GAs (entrusted companies) by insurance companies (trustors) conducted through the Korea Life Insurance Association and the General Insurance Association of Korea, signs of a personal information leak were also found at one out of 12 GAs. Although the volume of leaked information is estimated to be very small, additional verification will be carried out by the Financial Security Institute, a specialized agency, to obtain a more accurate assessment.
The FSS plans to require GAs and insurance companies involved in the information leak to promptly notify affected customers individually in accordance with the law. The FSS will also reiterate its request for insurance companies to take necessary measures to prevent secondary damage related to the leaked personal information.
The FSS will establish damage consultation centers within the affected GAs and insurance companies to receive reports of damages caused by the leak. The agency will also actively support consultations regarding related system inquiries and other matters.
An FSS official stated, "We will conduct on-site inspections of GAs that experienced personal credit information leaks and take necessary measures," adding, "We will continue to cooperate and communicate closely with related agencies, including the National Intelligence Service and the Personal Information Protection Commission, to ensure a thorough response."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
