WinstechNet, a network security firm that has all three Korean mobile carriers as clients including KT, SK Telecom and LG Uplus, was found not to have been aware of the infringement for a year even after the hacking attack. The firm belatedly confirmed that personal information of employees was leaked from Groupware and reported it to the government. Concerns are growing in the industry as even security firms operated the firm without being aware of the infringement for a long time.
According to industry sources on Wednesday, WinstechNet's groupware was hacked in November last year. The leaked information includes information on about 1,000 people including employee name, mobile phone number, zip code, gender and e-mail stored in the groupware.
Winstechnet reported the fact to the Personal Information Protection Commission on Nov. 19. The company also informed the Korea Internet & Security Agency (KISA) of the recent infringement.
An industry official said, "Winstechnet did not report until a year after the personal information was leaked," adding, "I understand that KISA first grasped the relevant situation and informed the company." According to the current law, in the event of an infringement accident, it is necessary to report it to the Minister of Science and ICT and to KISA within 24 hours. In the event of personal information leakage, it must be reported to the data subject notification or the Personal Information Commission within 72 hours.
An official from the Personal Information Commission said, "The report was received the day before, and it is still in the early stages of the investigation," adding, "We will comprehensively review the contents of the KISA report."
"We have completed all supplementary measures such as patch work," a Winstechnet official said. "We will actively cooperate with the government's investigation in the future."
Meanwhile, WinstechNet, a cyber security company founded in 1996, was listed on the KOSDAQ in 2003. In March this year, the company changed its name from WinstechNet. It provides companies with more than 20 kinds of security solutions, including an intrusion prevention system (IPS), a DDoS blocking system, a next-generation firewall, and an intelligent persistent attack (APT) defense system. It also supplies related equipment to major mobile carriers and provides cloud security, security control, and security consulting. WinstechNet recorded 18.6 billion won in sales and 3.43 billion won in operating profit in the third quarter of this year.
fun3503@chosunbiz.com
- “Stop concealing hacking”
- SKT is 73 days old… When is KT
- The industry’s ‘wouldn't talk’ about KT’s next representative
- “Stop the Netflix solo” ‘Alone’ Disney to Join Competitors
- KT’s ‘ex-customer penalty exemption’
- Anti-spam solution is a fine
- Winstechnet Groupware Breach Traced to Web Shell Flaw
- Explosive hacking, government investigators ‘in place’