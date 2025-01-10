[News Today] COURT ADMIN. SECURITY LAPSE

입력 2025-01-10 15:44:37 수정 2025-01-10 15:44:55 News Today





[LEAD]

North Korean hackers breached the South Korean court's computer network, resulting in a significant data leak. The Personal Information Protection Commission criticized the court's administrative office for inadequate security, and imposed a record fine of 200 million won on a public institution.



[REPORT]

In a span of 2 years since 2021, a South Korean court's computer network was hacked and continously leaked data.



The South Korean police and a joint team of investigators concluded last year that North Korean hackers stole more than 1,000 gigabytes of data over a two-year period.



The stolen data include personal information such as names, phone numbers, and resident registration numbers, as well as handwritten affidavits for court cases.



Some eight months after the investigation findings were announced, the Personal Information Protection Commission held the administrator responsible for a lack of supervision and imposed an administrative fine of 207 million won, roughly 140 thousand US dollars, and a penalty of six million won, about 4,100 dollars.



This is the largest administrative fine for a government institution before the Personal Information Protection Act was revised.



The Commission analyzed 4.7 gigabytes of data that had been restored from the stolen data, about 0.5% of the total leaked amount, and found that resident registration numbers and other personal data of about 18,000 individuals were leaked.



Given that most of the stolen data were not restored, it is speculated that much more personal information were actually leaked.



Kang Dae-hyeon / Personal Information Protection Commission

Only 0.46% of the stolen data were restorable. An average of over 250 times more data could have been leaked.



The PIPC noted that the network communication channel was left open, allowing the intranet and outside networks to connect easily, thus leaving the internal computer network vulnerable to hacking.



The Commission explained that hackers infiltrated the network through this channel and stole the data.



It was also revealed that the administration office failed to take proper cybersecurity measures such as encoding lawsuit documents that contained resident registration numbers or installing security programs in the court's intranet system.