In what appears to be one of the biggest hacking attacks in recent years, it has belatedly come to light that a North Korean hacking group continued to steal a massive amount of personal data from a South Korean court computer network over two years.
The hackers, presumed to be from the notorious Lazarus Group, stole a staggering 1,014 gigabytes of data and legal documents from a Seoul court's computer network, according to the police, the prosecution and the National Intelligence Service on Saturday, citing the results of their joint probe into the first-ever breach of cybersecurity involving a local court network.
Contained in the large-scale data heist was sensitive personal information, including names, resident registration numbers and even financial records handled and collected by the court. The scale of the data theft is estimated at around 2.7 billion A4-sized pages.
What is particularly chilling is that the hacking lasted from January 2021 through February 2023 without generating any warning signs or alerts to authorities or to those who operated the court network. Regrettably, it was only late last year that the police noticed the irregularities in the court system.
This raises many questions about the fundamental problems with the nation’s cybersecurity level in general and court networks in particular. For starters, the country’s court networks store not only legal records about private citizens and their cases but also other detailed and potentially highly sensitive data about public institutions and companies.
The nature of the massive stolen court data means that hackers could exploit personal information for criminal purposes or attempt to compromise Korea’s essential government and military networks.
The joint probe team concluded the hacking was done by North Korea based on the evidence identified so far, including the malicious code and IP addresses. The problem, however, is that authorities have yet to uncover how the hacking was carried out in detail and through which online and offline channels. Moreover, the joint investigation team has identified only 4.7 GB worth of files, a meager 0.5 percent of the total leaked files, casting doubt on the chances of tracking even a meaningful portion of the stolen data.
Even though the outlook is far from optimistic, those who failed to safeguard the crucial court network and related data should be held accountable for the lax cybersecurity level that invited hacking attempts, and be required to fix the apparent loopholes without delay.
But a bigger question is whether Korea’s public agencies as well as private companies have access to top-notch cybersecurity solutions that can stave off continued attempts from hackers in the first place. Government officials are quick to levy cumbersome regulations and draw up obligatory audits for public institutions and companies that collect and utilize certain amounts of personal data from users. But they are slow to proactively identify and address security problems.
There is another question about whether the government is taking a balanced cybersecurity approach for public agencies and private companies. Last Wednesday, the Personal Information Protection Commission slapped a 7.5 billion won ($5.48 million) fine on a company for leaking personal data of about 2.21 million users, a heavy penalty reflecting the government’s latest policy pushing corporations to take more legal responsibility for data leaks.
However, the government should impose more stringent rules and penalties on public agencies. According to the PIPC, the number of leaked records at private firms dropped from about 14 million in 2019 to 2.6 million in August 2023, while the figure for public agencies soared from 52,000 to 3.4 million during the same period.
The government must take steps to strengthen cybersecurity rules for public agencies, many of which handle a huge amount of sensitive data, and work with lawmakers and experts to help prevent fast-evolving hacking attacks.