Authorities efforts to secure privacy information

Privacy Protection

Last September, 2010, Public administration and Security committee of National Assembly passed the bill of privacy protection. This law is aimed at promoting the rights and interests of the public by protecting privacy from personal information gathering, leaking and abusing. After 2 years struggle between the ruling party and the opposition party, the law finally passed and will be put in place after September, 2011.

 Financial sector has been keeping on close watch on this privacy protection law because this deals with various range of industry including finance. The financial interested should make the concrete plan from the beginning process of information gathering to compensation for damages. It was known that each company tried hard to meet the standard by monitoring all the related laws.

However, it turned out that things are not going well.

Hot issues of April; Hyundai Capital & National Agricultural Cooperative Federation

 

Hyundai Capital, a financial branch of South Korea’s top automobile company Hyundai Motor, announced on April 8th that the personal information consisted of names, address and phone number for 420 thousand people was leaked through the hack. Besides, it came out into open that passwords, transaction record and even credit rating of 13000 credit loan users were also hacked from customers’ loan account. Almost everyone in Korea who has been consumers of any kind of financial services was in a state of panic since they have never had this kind of tremendous information spill.

But, the matter was not settled yet.

Even more, National Agricultural Cooperative Federation, or Nong-hyup has had a system crash which started on April 12th. This systematic error made customers unable to withdraw, transfer money, use credit card or cyber transaction. The bank’s services were partially restored after three days, but some advanced cash service such as payment of card affiliates, issuance of credit card, card bill and cash advance using phone is still not available. Fortunately there were no theft of information but it suspected that the problem was caused internally. The commands to destroy computer servers and wipe out transaction histories were entered through a laptop owned by a subcontractor.

For both cases, state prosecutors have launched a probe to see who did these attacks but the cases have not been clearly solved yet.

Security Hole

 

In short, there was a security hole. This spawned serious concerns since the possibility does exist for secondary effects; many individuals use the same password at various financial companies. Except that, these cases have seriously damaged the credibility of the financial sector.

In response to this crisis, South Korea’s financial watchdog launched an investigation on April 11th and projected TF for reinforcement of IT security among financial companies on April 15th. Financial Supervisory Services(FSS) and Financial Services Commission(FSC) are planning to check the general IT security of financial companies and make a guideline for methodical response& prevention for recurrence of accident. After realizing the importance of IT security in finance area, the authorities compose joint TF with private sector which includes foremost specialists in private enterprises. This is significantly different from the precedent which government had made its own TF without participation of private sector. The authorities expect to set up fundamental measures by close examination.

Composition of TF

This TF consists of 3 response teams with leader of FSC Secretariat ; Response Team for Hyundai Capital&Nong-hyup, Inspection of Financial IT Security and System improvement of Financial IT Security.

(Resources : http://www.fsc.go.kr / http://www.fss.or.kr)

     

TF Project Leader

(FSC Secretariat)

     
               
           

TF Advisory Group

            •IT Security Specialists in private enterprise

•IT Security Specialists in government branch

•IT Security Specialists in subsidiary organization

               
               
Response Team for Hyundai Capital&Nong-hyup   Team for Inspection of Financial IT Security   Team for System improvement of Financial IT Security
               
Leader :

FSS Vice director on IT

  Leader :

FSC Director of planning and coordination,

Executive of private IT company

  Leader : Director of Financial Services in FSC
•Private experts such as TF advisory consultant

•Head of the related department in FSS&FSC

•Special prosecution team leader in FSS

  •Private experts such as TF advisory consultant

•Head of the related department in FSS&FSC

•A person responsible for ISAC in KFTC

•A person responsible for ISAC in KOSCOM

  •Private experts such as TF advisory consultant

•Head of the related department in FSS&FSC

•Specialists in KFTC

•IT Planning experts in KOSCOM

 

The authorities already started investigation in writing right after the occurrence of the accident to check exact state of financial companies’ security.  Besides special prosecutions for those two affairs, officials with private and government sectors will be composed for each financial area and begin conducting inspections from the end of this month.

Lessons

 It is obvious that financial authorities have to fulfill its duty as a watchdog to ensure people to participate in all kind of financial transactions. Concomitant with this should each company put an emphasis on internal security education.

hyejin Na

nhjkitty@naver.com

Advertisements

One Response to Authorities efforts to secure privacy information

  1. This bill of privacy protection is a step in the right direction. Also importantly, it is a good idea to not use the same passwords everywhere.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: