Hyundai Capital admits to unprecedented information leak

Posted on : 2011-04-11 14:21 KST Modified on : 2019-10-19 20:29 KST
Questions have been raised about secondary effects and each company’s security preparedness
 April 10. (Photo by Shin So-young)
April 10. (Photo by Shin So-young)

By Jung Hyuk-june 

A recently announced hacking incident at Hyundai Capital marked an unprecedented systematic accessing of customer financial information by hackers, resulting in major aftereffects. The breach in the computer network has not only sunk confidence levels to rock bottom for financial companies, for whom security is essential, but also spawned concerns about secondary effects due to leaked passwords and other information.

Hyundai Capital announced Friday that the personal information accessed through the hack consisted of name, email, and cell phone information for 420 thousand people, approximately 23 percent of all customers, and that it bore no direct connection with financial transactions. However, Vice President Hwang Yoo-no said Sunday that there was “a possibility that some secret information was hacked, including customer passwords and credit ratings,” indicating that it appeared likely that passwords were leaked for around 13 thousand customers.

In the past, there have been leaks of financial information amounting to a few hundred people through efforts by criminal organizations, but no cases such as this one of information being hacked for more than 10 thousand people at one time. In short, the company’s security system did not function at all. Observers are predicting no major damages in the immediate future, as the passwords accessed were for “minus loan” cards. But the possibility does exist for secondary effects since many individuals use the same password at various locations when conducting transactions with financial companies.

The revelation of systematic criminal efforts by hackers has the potential to develop into a problem for the financial world as a whole rather than Hyundai Capital alone, as it is impossible to guarantee that the security systems of other financial companies such as banks and credit card companies are safe either. For this reason, many observers are saying that a full reexamination of the security systems for South Korean financial companies has become unavoidable.

The hackers’ extraction of customer information at Hyundai Capital is believed to have begun in February of this year. However, Hyundai Capital remained completely unaware of the problem at that time.

“We only became aware of the hacking after receiving an email from a hacker at 9 a.m. last Thursday,” the company explained.

In order to avoid detection, the hackers conducted their infiltrations bit by bit without carrying off large amounts of information at all once. As such, it may have been difficult to detect their presence. However, observers say Hyundai Capital will be unable to avoid charges that its response came too late.

In this case, the problem area is the password leak, as many people use the same ID and password at various financial institutions for ease of memory.

“We are conducting simulations to examine what types of additional damage there may be,” said Hyundai Capital CEO Chung Tae-young.

“I cannot give a definite answer, but we do not think there will be any additional effects,” Chung added.

However, observers say it is now impossible to entirely dismiss the possibility of a second round of aftereffects.

  

Please direct questions or comments to [englishhani@hani.co.kr]

Most viewed articles