Police arrest two men suspected of stealing i-PINsAuthorities said yesterday that they have arrested two men who they suspect circulated the personal information of more than 10,000 people, including their Internet Personal Identification Numbers (i-PINs) and resident registration numbers.
According to a briefing yesterday by the Seodaemun Police Precinct, officers arrested a 25-year-old Chinese man, surnamed Lee, and a 37-year-old Korean, surnamed Park.
Lee allegedly sold the i-PINs, which he bought from an Internet site for 6,000 won ($5.60) each, to Park at a cost of 10,000 won per item.
Park also allegedly profited by reselling the personal data at 20,000 won per item, the police said.
The i-PINs that Lee and Park allegedly sold were created using the names and resident registration numbers of people whose personal data had already been compromised in one of the biggest leaks of personal information earlier this year.
When they were asked to certify their identity before the i-PINs were issued, they sent SMS phishing links to their victims to gain access.
The government previously proposed using the 13-digit i-PIN verification system as an alternative to the resident registration number in the wake of a massive personal data leak in January, in which the information of roughly 82 million account holders was compromised.
The i-PIN doesn’t contain as much personal information as the resident registration numbers and only identifies the issuing institution and whether the Internet user is an adult.
However, because i-PINs - believed to be relatively safer - are already circulating on the black market, critics have argued that the authorities should reconsider applying the alternative identification system.
“Many experts have asserted that the I-PIN cannot be an alternative because it is still linked to the resident registration number,” said Chung Tai-myoung, a professor in the College of Information and Communication Technology at Sungkyunkwan University.
Oh Byeong-il, an activist with the Jinbo Network Center, an organization that promotes independent online activities, pointed out that “the risk for massive personal data leaks still remains high because most of the personal data is concentrated in just eight personal identification agencies.”
The Korea Credit Bureau, where the personal data of 82 million South Koreans was stolen in January, is one of those eight identification agencies.
BY KOO HYE-JIN, KIM BONG-MOON [firstname.lastname@example.org]