hankyoreh

due to companies collecting resident registration numbers as a prerequisite to accessing their services

“We are significantly reinforcing security on computer servers containing personal information. However, we always feel uneasy about having subscribers’ personal data.”

An official at an Internet company, who made the remark, said he is concerned about massive leaks of customer data such as the one at GS Caltex. On September 7, police arrested four suspects on charges of leaking the personal information of more than 11 million GS Caltex customers. The suspects were known to have first reported the massive data leak to the press, a move aimed at increasing the value of the information.

Security has become the watchword for many companies as they grapple with a series of similar cases involving customer information leaks. A company’s customer database, a valuable asset for any company, could become like a high-risk explosive that puts the company’s survival at risk.

The bomb is detonated when companies collect personal information without much thought. The recent series of data leaks is not due to an increase in online hacking. The practice of collecting personal information has run rampant and, as a result, the possibility of increasing the number of massive data leaks and the number of those affected is ever present. A senior official at the Cyber Terror Response Center, a police unit in charge of online crimes, said, “It seems that everyone’s resident registration number has been exposed, considering that the personal information of millions of Koreans is being traded in China. Investigators even jokingly underestimate some cases (involving information leaks), saying that it’s ‘nothing special.’”

The root cause of the leaks is the nation’s resident registration number system, in which a 13-digit number is issued to all Korean nationals. This makes individual identification easy. Unlike a name, an address and a telephone number, a resident registration number cannot be changed once it is registered with a government office, so it is fixed and specific to each person. While other nations have similar national identification systems, such as social security numbers in the United States, the numbers can be changed if necessary. The problem in Korea is that private companies have been aggressive in collecting resident registration numbers before customers are given access to a range of benefits and services. The latest example of this can be found at GS Caltex, who requires customers to write their resident registration numbers when applying for customer mileage benefits.

Experts say companies need to drastically change their thinking and the way personal information is collected. If you look at history, they say, you will see that there is a permanent race between sword and shield. But the sword always wins. Therefore, the possibility that customer data can be leaked always exists, even though companies may be intensifying their efforts to reinforce security.

Jeon Ung-hwi, an executive member of the National Council of the Green Consumers Network in Korea, said, “Data leaks will be unavoidable if personal information continues to be collected. The fundamental way to resolve this is to minimize collection of personal information and personal identification numbers should be allowed to change if the numbers are leaked.”

Please direct questions or comments to [englishhani@hani.co.kr]