Don’t just blame the hackers

Personal information of about 35 million users of the popular Nate portal and social network Cyworld, operated by SK Communications, has been stolen in a hacking attack. When users log onto these sites with their user IDs and passwords, they receive notices that their personal data, including mobile phone numbers, citizen registration numbers, birthdays, e-mail addresses, IDs and passwords have been hacked. They are warned of spam mail and phishing scams and advised to change their IDs and passwords. The number adds up to just about every Korean capable of using a computer. Our personal information is being hacked and leaked overseas, probably to China.

Hacking and information leakages from Korean Web sites have become commonplace. In 2008, 10.81 million users of the Internet shopping mall Auction were attacked and last year Shinsegae Department Store lost data on 20 million customers. Credit card and financing company Hyundai Capital and the state-funded commercial bank Nonghyup were recently hacked. Authorities promised security reinforcement and protection from hackers. But hackers have gotten through every time, bombarding consumers with spam and phishing e-mails. Local companies demand various personal details when users subscribe, yet look the other way when they lose customers’ information due to their poor surveillance and protection.

We need new security standards. Despite repeated assurances of their vigilance, companies discover they have been violated long after the attacks take place. SK Communications tried to comfort clients by saying their IDs and passwords were encrypted. But hackers are experts in decoding.

Companies must thoroughly investigate these incidents and find out who is at fault. We cannot tolerate companies with poor security. They should be restricted from demanding sensitive identification information and strictly punished when found negligent in their management of client information. Except for financial transactions, American companies rarely demand social security numbers from users.

Companies must refrain from demanding and gathering too much personal information. Such practices only attract hackers and create social disorder and distrust. To online companies, clients’ information is crucial to their viability. But they must pay their clients due respect in exchange for access to valuable information. If they are incapable of protecting information, they should only ask for the basics.