Korean businesses, financial institutions and government agencies have been frequently targets of hacking in the past. It is like an epidemic. The latest case involves SK Communications, which runs the Cyworld social networking website and the Nate online portal.
The hackers, whose attacks reportedly originated in China, stole personal information of 35 million clients of Cyworld and Nate last week. The victims are now exposed to the risk of online scams and voice phishing.
SK Communications claims the hackers cannot easily use much of the personal information they have obtained because the passwords and resident registration numbers of the clients encrypted. But if the culprits are capable of hacking such a security-minded Internet portal as Nate, they may easily decode the encrypted information.
Moreover, it is commonly accepted that there is no foolproof method to permanently deny a determined, competent hacker access to computer networks. He will eventually find a way to crack the software defense to get access to the targeted information no matter how technologically sophisticated it may be.
Of course, this is not to say that nothing can be done as a precaution against hacking. Damage can be controlled though it may not be prevented, as evidenced by what SK Communications is planning to do as a remedial measure.
SK Communications says Cyworld and Nate will no longer keep in store such sensitive personal information as resident registration numbers and addresses, once they are used to identify those registering as their clients. Cyworld and Nate should have taken such precautions regarding, in particular, resident registration numbers, from the beginning, given that they are used to identify persons in business transactions and official documents. SK Communications also promises to encode the personal information it keeps, including telephone numbers.
Indeed, there have been many complaints about the excessive amount of information that is demanded of persons by Internet portals, financial institutions and other organizations when applying for the online services they provide. But few are likely to exercise self-restraint voluntarily and demand the minimum of information they need, given that the more information they have the better customer database they can build.
If so, the government may take the process of legislation aimed at banning online service providers from storing resident registration numbers and other vital personal information in their computer systems. Through legislation, the provision of less crucial personal information can also be made optional.
