Notch up the cybersecurity

The recent hacking incident at Hyundai Capital turned out to have originated from human error: the financial company’s lax sense of security in cyberspace. In an announcement made yesterday after months of investigation into the case, the Financial Supervisory Service concluded that the breach was caused by the company’s inability to implement preventive measures, adding that the company leadership is ultimately responsible for a massive leakage of customers’ information to a loan broker.

Hyundai Capital admitted that it didn’t properly manage a number of identification numbers and passwords that allow access to its main server. The company also conceded that its retired employees had accessed the server on seven occasions by the IDs and PWs they used when they worked for the company. Being aware of the fact that similar hacking incidents occurred previously, the company, however, didn’t take action to prevent a recurrence of hacking, including basic encoding mechanisms even department stores maintain to protect their customers privacy.

Customers are utterly dismayed at Hyundai Capital’s terribly slack attitude regarding the issue of privacy protection. If Hyundai Capital, a leading investment company in Korea, maintains such a porous system for cyberattacks, what about other financial agencies? It appears almost natural that a colossal electronic banking glitch debilitated Nonghyup Bank right after the hacking on Hyundai Capital. These can be dubbed archetypal dereliction of duty by financial institutions.

The FSS explained that the latest hacking incident has not yet caused financial damage to customers of Hyundai Capital. It also said that no information on 1.75 million customers was exposed on the Internet, either. Yet it’s too early to feel relieved. First, the amount of investors’ information that had been leaked turned out to be four times bigger than the original estimate. Therefore, they run the risk of further leaks which would inflict damage on themselves. The government and the industry must establish a solid system that would enable them to prevent cyberattacks.

It may be equivalent to mending the barn after the horse is stolen. Yet all financial entities, including Hyundai Capital and Nonghyup Bank in particular, must do their best to boost their cybersecurity. Hyundai Capital announced plans to reinforce its security competence by appointing a chief information officer in short order. We hope it’s not an empty promise.