Reported Two Days After Discovery, Public Announcement Made on Friday Evening
It has been reported that the personal information of approximately 80,000 people, including employees of Shinsegae Group headquarters and its partner companies, has been leaked, and Shinsegae is currently under police investigation as the victim company. However, as the circumstances of the data breach remain unclear and delays in the reporting process have been revealed, suspicions are growing that the company may be attempting to downplay the incident.
According to Shinsegae I&C, the group's IT affiliate, on December 29, Shinsegae has recently been cooperating with a police investigation following a request for assistance regarding this personal information leak.
While Shinsegae maintains that all employees of the company and its partners are victims, it has not disclosed specific details of how the information was leaked, citing the ongoing investigation. The company explained that the cause was a malware infection but did not clarify whether the breach was due to internal misconduct or external hacking, nor did it specify the route through which the information was leaked.
The timing of Shinsegae's response has also come under scrutiny. Although the company became aware of the personal data breach on December 24, it did not report the incident to the Korea Internet & Security Agency (KISA) until the afternoon of December 26, two days later. The external announcement was also made after 6 p.m. on the same Friday, leading to criticism that the company chose a time when it would be difficult for the public to notice.
Previously, in a notice distributed on December 26, Shinsegae I&C stated, "We have confirmed indications that information belonging to employees and some partner company staff was leaked from Shinsegae Group's internal intranet system." The leaked data is believed to involve employees of group affiliates such as Shinsegae Department Store and Emart, as well as some staff from outsourcing partners. The company explained that no customer personal information was compromised.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
