Hyundai Capital admits info leak was a lot larger
Hacker got customer passwords and tried extorting money from company
Chung Tae-young, CEO of Hyundai Capital, bows in apology to customers at a press conference yesterday. [YONHAP]
Hyundai Capital, the consumer finance arm of Hyundai Motor Group, announced yesterday that the scope of a leak of customers’ private information is much greater than the company initially reported last Friday.
Hyundai Capital also admitted that private information about its customers has been trickling out since February, but the firm only became aware of it when a hacker who got hold of the information sent the company an e-mail to extort money.
Although Korea has seen its share of large-scale private information leaks in the past few years, this is the first time a financial firm has suffered a private information leak on such a scale.
Hyundai Capital held an emergency press conference yesterday at its corporate headquarters in Yeouido, western Seoul, to explain that it had previously underestimated the leak.
“After additional investigation, we have discovered the possibility that more customers [than previously announced] had their information hacked,” said Hwang Yoo-no, vice president in charge of management support. “We are also concerned that some of these customers’ credit ratings have been hacked.”
The financial company admitted the possibility of some 13,000 passwords being hacked from customers’ loan accounts.
The company previously announced that some 420,000 customers, or 24 percent of its total customer base, had their private information exposed to an unknown third party.
That unknown third party, a hacker, sent an e-mail at 9 a.m. on April 7 demanding money and threatening to disseminate the information if Hyundai Capital did not pay up.
“I am remorseful and ashamed that we could not prevent such an occurrence,” said Chung Tae-young, president of Hyundai Capital and Hyundai Card. “I ask our customers to rebuke us by all means, but do not become prey to excess anxiety. We are putting all we have toward stopping a second round of hacking and to never letting this happen again.”
Officials said that sister company Hyundai Card has a separate server and was unaffected by the hacking.
Hyundai Capital and Hyundai Card are separate corporations but are often treated as a single unit because they share many of the same operational aspects, such as workforce, headquarters and branches, as well as some of the same shareholders: Hyundai Motor and GE Capital International Holdings.
Hyundai Capital has currently dialed up security to its maximum level, enough for some customers to potentially encounter trouble when conducting transactions. It is also contacting customers whose information has been hacked by e-mail and phone to advise them to change their passwords.
Meanwhile, the Financial Supervisory Service is slated to begin an investigation today into whether Hyundai Capital’s IT management conforms with official guidelines.
It also wants to find out if the hacking was aided by a security lapse or was a malicious attack by someone inside the company.
Capital firms do not accept deposits and primarily engage in lending money for installment purchases. Hyundai Capital, the largest firm in the local capital industry by both revenue and number of customers, has seen solid growth by lending money to customers purchasing cars from Hyundai Motor and its subsidiary, Kia Motors.
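By Lee Jung-yoon
Related Korean-language article
[JoongAng Ilbo] [Hyundai Capital hacking] Even the money sent for tracing was withdrawn… “An organized crime by professional hackers”
Police: “Infiltrated through servers in the Philippines and Brazil”
Amount of money sent not disclosed
The personal information of 420,000 Hyundai Capital customers has been found to have leaked through servers located in the Philippines and Brazil.
The Seoul Metropolitan Police Agency’s cyber crime investigation unit said on the 10th that it had found traces showing that the hacker used servers in the Philippines and Brazil to penetrate Hyundai Capital’s server and then collect customer information. A police official said, “Judging from the level of the hacking technique, this appears to be a group that includes at least one professional hacker,” and added, “It is highly likely that there are accomplices abroad.” Police are not, however, ruling out the possibility that the perpetrator deliberately left information pointing to other transit points in order to confuse the investigation.
Police also understand that Hyundai Capital sent some money to the account written in the “threatening e-mail” from the hacker. Police expect the record of this transfer to help them secure clues that identify the perpetrator. Police consulted with Hyundai Capital on whether to send the money, and the amount sent is reported to be less than the hundreds of millions of won the hacker demanded. The perpetrator is said to have withdrawn part of this money. Police are tracing the account given in the hacker’s e-mail and the account from which the money was withdrawn, while also investigating people with a record of hacking.
Meanwhile, the Financial Supervisory Service plans to form a task force of credit card supervisors and IT specialists on the 11th and begin a special inspection.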