Cybersecurity News that Matters

Cybersecurity News that Matters

South Korean government website exposes personal information due to incorrect document issuance

by Minkyung Shin

May. 07, 2024
9:25 PM GMT+9

South Korea’s online certification website inadvertently exposed the private information of over 1,200 individuals by issuing incorrect documents to users.

On Sunday, the Ministry of the Interior and Safety (MOIS) reported that the GOV.KR website, which provides document issuance services to citizens, mistakenly issued 646 educational certificates on April 1. This error led to the personal data of citizens, including names, addresses, and resident registration numbers, being disclosed to incorrect applicants.

Furthermore, the GOV.KR website also mistakenly issued 587 certificates related to tax payments on April 19. The South Korean government clarified that this error involved a mix-up, exposing representatives’ names and resident registration numbers, instead of their taxpayer identification numbers, when users requested corporate tax payment certification.

The MOIS attributed the exposure of the data to a “mistake” made during the development process. They explained that the issue occurred while they were optimizing the integration between the GOV.24 platform and the education information system. During this update, a high volume of users accessed the site simultaneously, which led to certificates being issued to the wrong individuals.

The MOIS reported that they immediately deleted the incorrect documents and notified the Personal Information Protection Commission (PIPC) in accordance with the Personal Information Protection Act. Under this privacy law, any breach involving personal data must be reported to the PIPC within 72 hours of discovery.

The MOIS has confirmed that all related documents are now being issued correctly. The ministry further explained, “For education certificates, we have implemented a pre-verification program to prevent issuance errors. For tax payment certificates, we are taking measures to prevent errors by blocking unnecessary linked information.”

Meanwhile, GOV.KR faced a nearly 48-hour network shutdown last November due to a server access issue on the government network. GOV.KR is a highly trafficked website, averaging 1.5 million visitors per day and issuing around 400 million documents annually.

Subscription

Subscribe to our newsletter for the latest insights and trends. Tailor your subscription to fit your interests:

By subscribing, you agree to our Privacy Policy. We respect your privacy and are committed to protecting your personal data. Your email address will only be used to send you the information you have requested, and you can unsubscribe at any time through the link provided in our emails.

  • Minkyung Shin

    Minkyung Shin serves as a reporting intern for The Readable, where she has channeled her passion for cybersecurity news. Her journey began at Dankook University in Korea, where she pursued studies in...

    View all posts
Editor:
Designer:
Stay Ahead with The Readable's Cybersecurity Insights