[Weekend Briefing] Data breach exposed test scores of 270,000 high school students

By Kuksung Nam and Dain Oh, The Readable
Feb. 24, 2023 8:18PM GMT+9 Updated Feb. 27, 2023 4:55PM GMT+9

“Weekend Briefing” is a weekly newsletter that is sent to The Readable’s subscribers every Friday. Cybersecurity journalists for The Readable carefully select important news stories from the previous week and deliver them in a compact form. Topics encompass cybercrime, geopolitics, and privacy. There are no costs involved with a subscription, and some content, such as the monthly ransomware index report, is only available to those who subscribe to our newsletters.

Hello! This is Kuksung Nam and Dain Oh in South Korea. We have picked four news stories. In addition, you can find a notice below regarding the advances of The Readable. Have a great weekend!

1. Data breach exposed test scores of 270,000 high school students

The personal information of almost 90% of second year high school students who took a nationwide examination last November has been exposed online and on social media platforms, such as Telegram. The Gyeonggido Office of Education, who administrated the exam, said on Tuesday that 270,000 students’ records were disclosed on February 19. The data included students’ names, schools, genders, test scores, and class information.

In total, 303,000 second year high school students took the November exam, a spokesperson of the Gyeonggido Office of Education said to The Readable. Students who are living in Chungcheongnamdo and Gyeongsangnamdo province have not been affected. South Korean high school students take multiple examinations administered by various education offices in the country as preparation for a national college entrance exam which is held in November during their final year in high school.

It is unclear for now whether the data exposure was caused by a black hat hacker or an internal problem of the education office’s computer system. The Gyeonggido Office of Education said that they could not respond to The Readable’s request to disclose the reason behind the massive exposure because the incident is currently being dealt with by the police. Both law enforcement officials and the country’s privacy watchdog, the Personal Information Protection Commission, are investigating the data leakage and putting their efforts in deleting the data that has already been exposed online.

2. South Korean military loses case against antivirus company over data breaches by North Korea

South Korea’s Ministry of National Defense lost its appeal against the antivirus company Hauri in a case that involves disputes over the hacking of national defense networks by North Korean hackers in 2016. According to local news outlets, the Seoul High Court on February 16 ruled in favor of the cybersecurity firm, saying that there is no evidence to support the negligence claims against Hauri. “It is hard to believe that the hacking incidents were caused by the firm’s negligence regarding private key management, and the evidence is insufficient,” the court stated.

In October of 2017, the military department filed a lawsuit for damages against two information technology companies, including Hauri and LG CNS, after North Korean hackers stole South Korean military secrets from 3,200 computers used by officers in the armed forces in August of 2016. The Prosecutors Office Ministry of National Defense concluded in May of 2017 that the massive data breaches took place through the distribution of malicious code into the servers and personal computers of the internal networks of the military.

3. Privacy watchdog opens investigation into top health and beauty store

South Korea’s privacy regulator said Thursday that it has opened an investigation into CJ Olive Young, the most widely used health and beauty store in the country, after the company revealed that they had mishandled the personal information of their customers.

According to a statement by the health and beauty store, the company had wrongly released the private data of their users to other members who are using their service. The data includes customers’ names, profile photos, and mailing addresses. The firm added that the incident occurred on February 16 and was caused by an error in changing their computer system. They did not disclose the number of customers affected by the breach.

“It is hard to figure out the exact number of individuals affected by the breach, as we have just started the investigation,” said an official of PIPC. The Personal Information Protection Commission will also look into whether the company has abided by the privacy law which states that the relevant organizations must be notified about data breaches no later than 24 hours after having become aware of an incident.

4. Hackers stole 7 million customers’ data tied to hundreds of websites

Designed by Sangseon Kim, The Readable

The South Korean police said on Monday that they have arrested twelve individuals belonging to a criminal group suspected of breaching 385 websites and stealing the personal data of almost 7 million customers. The leader, a 48-year-old male, a high-ranking member, a 40-year-old male, and a computer hacker, a 25-year-old male, were among seven members who were taken into custody.

According to the Jeonnam provincial police, the suspects breached a notable business media outlet’s website and stole 300,000 cases of subscribers’ information including names, addresses, phone numbers, and dates of birth. This was the largest volume of information leaked from a single website, according to the police who have been investigating the allegations.

A popular matchmaking company in South Korea has also fallen victim to the criminals’ illegal activities. The police explained that the hackers gained access to almost 110,000 cases of customers’ sensitive data, including resident registration numbers, occupations, and information about their family relations. The police did not disclose the name of either company. To read the full story, click here.

[Notice to our readers] Reorganization of news category

Designed by Areum Hwang, The Readable

The Readable has recently reorganized its news category into four overarching topics: world, privacy, security, and North Korea. We have also established two additional sections, including opinion and report. The opinion section delivers perspectives from industry experts as well as our journalists’ thoughts to our readers. If you visit the report section, you can find in-depth reports on cybersecurity forecasts, international conferences, and monthly ransomware index reports. If you have any thoughts or suggestions regarding content to publish through our platform, send us an email with a brief introduction.

Moreover, our entire team is thrilled to see the number of our readers increase by the minute, especially considering that it has only been 10 months since the launch of The Readable. The news articles that we produce are being translated into different languages, and the key stakeholders in the cybersecurity industry have started recognizing us by sharing our news articles and inviting us to their events. This would not have been possible without our readers’ support. Thank you, and we will keep doing our best to make a safer world through quality journalism.


The cover image of this article was designed by Sangseon Kim.

Kuksung Nam is a journalist for The Readable. She has extensively traversed the globe to cover the latest stories on the cyber threat landscape and has been producing in-depth stories on security and privacy by engaging with industry giants, foreign government officials and experts. Before joining The Readable, Kuksung reported on politics for one of South Korea’s top-five local newspapers, The Kyeongin Ilbo. Her journalistic skills and reportage earned her the coveted Journalists Association of Korea award in 2021 for her essay detailing exclusive stories about the misconduct of a former government official. She holds a Bachelor’s degree in French from Hankuk University of Foreign Studies, a testament to her linguistic capabilities.

Dain Oh is a distinguished journalist based in South Korea, recognized for her exceptional contributions to the field. As the founder and editor-in-chief of The Readable, she has demonstrated her expertise in leading media outlets to success. Prior to establishing The Readable, Dain was a journalist for The Electronic Times, a prestigious IT newspaper in Korea. During her tenure, she extensively covered the cybersecurity industry, delivering groundbreaking reports. Her work included exclusive stories, such as the revelation of incident response information sharing by the National Intelligence Service. These accomplishments led to her receiving the Journalist of the Year Award in 2021 by the Korea Institute of Information Security and Cryptology, a well-deserved accolade bestowed upon her through a unanimous decision. Dain has been invited to speak at several global conferences, including the APEC Women in STEM Principles and Actions, which was funded by the U.S. State Department. Additionally, she is an active member of the Asian American Journalists Association, further exhibiting her commitment to journalism.