Korea grapples with massive personal data theft, regulatory mess

Has reliance on Internet Explorer, ActiveX, public key system combined to open ‘black hole’ in cyber security?

The Korea Herald reports:

A string of cyber attacks have bombarded South Korea in recent years, leading to massive leaks of personal information stored in banks, government agencies and corporations.

In January 2008, hackers stole the personal data of some 18.6 million users of online shopping mall Auction. Three years later, SK Communications, which runs the online search engine Nate.com and social network service Cyworld, fell victim to data theft of its combined 35 million users ― roughly 70 percent of South Korea’s total population.

IT experts have suggested an array of factors behind those large-scale security lapses, with some blaming government-led overregulation such as the “public key certificate” system that is supposed to prevent such security breaches.

Inspection of an interesting graphic in their article, reproduced below, suggests that although this blog and DataLossDB had known about many of their big breaches, we didn’t know about all of them, including two recent breaches:

KR_breaches

Read more on Korea Herald.  Jon Russell of TheNextWeb picks up the story, here.

About the author: Dissent