Subsidiary Exposed to Cyber Incident
Over 3,000 Victims... "Preemptive Compensation"
Company: "Reported to FSS, KISA, and Personal Information Committee"
On September 26, the operator of the Bipple Pay app, which supports charging and payment for local gift certificates and branded gifticons, announced, "We have confirmed that a third party without external authorization accessed Bipple Pay's personal information." Bipple Pay is an app operator wholly owned by Bizplay, a subsidiary of Webcash.
![[Exclusive] Bipple Pay App Operator Confirms Unauthorized Third-Party Access to User Personal Information](https://cphoto.asiae.co.kr/listimglink/1/2019031110511985001_1552269079.jpg)
On this day, Bipple Pay stated, "On September 24, we confirmed that an unauthorized third party accessed user personal information, and we are notifying users in accordance with relevant laws," adding, "The exact date and time when the third party accessed the personal information has not yet been identified."
Bipple Pay explained that immediately after recognizing the incident, it implemented emergency measures such as separating the system network and further strengthened system security. The company also reported the incident to relevant authorities and is continuing to cooperate with specialized firms as necessary.
A senior official from Webcash said, "After reporting the incident to the Financial Supervisory Service, Korea Internet & Security Agency (KISA), and the Personal Information Report Committee, we are proceeding with compensation for those affected."
Bipple Pay also stated that it has completed compensation for all damages caused by the misuse of PIN information from branded mobile gift certificates held by some customers, which was exposed during the incident.
A Bipple Pay representative said, "Currently, customer points and other assets within the Bipple Pay service are being managed safely."
However, Bipple Pay noted, "Other personal information items that may have been exposed include name, date of birth, gender, mobile phone number, account number, and CI (connection information)."
The company further emphasized, "To prevent secondary damages such as identity theft and voice phishing, we urge users to be cautious and avoid accessing unknown URLs."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
