South Korean data breach results in 220m records stolen

News
27 Aug, 2014

16 people have been arrested for stealing personal details of half the population

Personal details, relating to half of South Korea's population, have been stolen by hackers, including full names, account names, passwords and resident registration numbers.

The hack was revealed after 16 people were arrested for stealing data from a number of online game and movie ticket sites. They are said to have set up targeted attacks on registration pages of the sites to siphon off the personal details.

In total, 220 million records were stolen and they are said to contain 'personally identifiable' information about 27 million people aged between 15 and 65.

One of the hackers, known only by the name of 'Kim', used an extractor that allowed him to log onto user accounts after they used the sign up page and buy virtual currency using their account. He then managed to sell this virtual currency for a profit of $390,000 (£235,000).

Working with an accomplice, Kim also sold information to third parties, including, it's thought, mortgage fraudsters who paid him just 10 won (£0.006) for each person's data and people issuing illegal gambling advertising who each paid him 17 pence.

South Korean authorities are still searching to find out how far the data has travelled and are on the lookout for five more people they think were involved in the security breach.

This isn't the biggest data breach seen by South Koreans, though. In 2011, 35 million people (70 per cent of the population) had their details stolen when a Cyworld, a South Korean social network and Nate, a search engine, was hacked.

Earlier this year, 20 million South Koreans had their registration numbers stolen when an employee of the Korea Credit Bureau stole details of residents.

Read more about