KISA Provided Technical Support After Receiving Report
US Hacking Magazine: "Information from 8,938 Servers and Over 42,000 Accounts Leaked"
While LG Uplus has completely denied any hacking or breach, it has been revealed that SecureKey, the security partner responsible for managing LG Uplus servers and access control solutions, directly reported a hacking incident to the Korea Internet & Security Agency (KISA) and received technical support.
According to materials submitted by KISA to the office of Chungkwon Park, a member of the National Assembly's Science, ICT, Broadcasting, and Communications Committee, on September 15, SecureKey reported a system hacking incident to KISA on July 31, and KISA provided technical support the very next day, August 1.
SecureKey is a partner company in charge of LG Uplus server access control solutions. Previously, the American hacking magazine 'Frack' reported that a hacker infiltrated SecureKey, obtained account information, and used it to penetrate LG Uplus's internal network, stealing information from a total of 8,938 servers, 42,526 accounts, and 167 employees. However, LG Uplus has repeatedly denied the possibility of hacking, stating, "Our own analysis found no evidence of external intrusion."
KISA had already received a tip-off about a possible breach from a white-hat hacker on July 19 and requested LG Uplus, KT, and SecureKey to report and participate in an investigation. Of the three, only SecureKey actually complied with the reporting request. On August 22, KISA again requested LG Uplus and KT to report, presenting evidence that the leaked data matched real data, but both companies maintained their previous stance.
As a result, the Personal Information Protection Commission stepped in. Despite the lack of voluntary reporting from the companies, the commission launched an investigation into LG Uplus and KT on September 10, based on complaints from civic groups and reports from victims of small payment fraud. While the Personal Information Protection Act allows investigations when there is knowledge of a legal violation or a significant possibility of an incident, the Act on Promotion of Information and Communications Network Utilization and Information Protection requires voluntary reporting to initiate an investigation, highlighting a difference between the two laws.
Chungkwon Park emphasized, "This incident has exposed a systemic loophole where the government and specialized agencies cannot respond swiftly if companies avoid voluntary reporting. Since this is directly connected to the financial losses of the public, we must thoroughly uncover the facts and revise laws and systems to prevent recurrence."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
