Deputy Prime Minister Paek Attends National Assembly Hearing on Coupang
3,000 Cases Confirmed from Seized Laptop and Storage Devices
On December 30, Baek Kyunghoon, Deputy Prime Minister and Minister of Science and ICT, stated regarding the Coupang personal information leak, "The suspect accessed Coupang's servers using a signature authentication key, freely viewed and monitored the information of more than 33 million customers, and downloaded the necessary data."
Deputy Prime Minister Baek made these remarks at a National Assembly hearing held to investigate the 'Coupang security breach and personal information leak, unfair trade practices, labor environment conditions, and to establish measures to prevent recurrence.'
Regarding the scale of the leak claimed by Coupang in its internal investigation, he explained, "The figure of 3,000 refers to two storage devices from the suspect's laptop and computer, as well as two SSDs, making a total of four devices," and added, "The 3,000 cases are the number of leaked data confirmed after seizing the laptop."
He continued, "In reality, the suspect illegally possessed the signature key and used it to generate key tokens, confirming the information of more than 33 million customers," emphasizing, "That is extremely important."
Deputy Prime Minister Baek stated, "Customer information, including names and even email addresses, was exposed," and added, "We are currently analyzing the situation, but we believe that delivery information and delivery history have also been leaked."
In addition, Brett Mathis, Coupang's Chief Information Security Officer (CISO), explained the leak process, saying, "A former employee stole a personal signature key, forged tokens, and then accessed personal data."
When Oh Ki-hyung, a member of the Democratic Party of Korea, asked, "Did you conduct regular security inspections?" he replied, "We reviewed the system and underwent various certification-related audits, including government audits."
He further responded, "According to our process, we conduct vulnerability reviews and also perform simulated tests. We do this for all systems. However, I am not sure about the exact scope and frequency of the systems."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
