[Anchor]



Two universities that had the personal information of 400,000 students hacked will face hefty fines.



Investigations revealed that the academic information systems were poorly constructed from the beginning and were also poorly managed.



This is reporter Kang Pu-reun.



[Report]



The integrated information system of Jeonbuk National University, which contains student personal information.



Last July, this university was hacked, resulting in the leakage of personal information of over 320,000 individuals.



The hacker initially targeted student ID numbers.



According to the authorities' investigation, the low security level allowed the hacker to easily extract student ID numbers even with simple hacking attacks.



[Kang Dae-hyun/Director of Investigation at the Personal Information Protection Commission: "This is a very basic and fundamental attack. When the hacker injects a specific command, all student ID numbers from Jeonbuk National University can be extracted at once from that database...."]



Using the stolen student ID numbers, the hacker began the actual hacking.



After accessing the internal system through hacking commands, they looked into other students' information by changing the student ID numbers.



By utilizing the student ID numbers and hacking codes, they could view personal information without password authentication, a so-called 'parameter tampering attack.'



For one individual, more than 70 pieces of information were leaked, including names, resident registration numbers, addresses, and even school grades.



Two months later, Ewha Womans University was also hacked using a similar method, resulting in the leakage of personal information of over 83,000 individuals.



The Personal Information Protection Commission pointed out that the academic information systems of both universities were vulnerable from the time they were established and that post-management was also inadequate.



[Kang Dae-hyun/Director of Investigation at the Personal Information Protection Commission: "There was a lack of control over illegal external access, such as neglecting the monitoring system during non-working hours...."]



The Personal Information Protection Commission imposed fines of over 600 million won and 300 million won on Jeonbuk National University and Ewha Womans University, respectively.



This is KBS News, Kang Pu-reun.



