Man arrested for circulating data

The Busan Nambu Police Precinct said it has arrested a 44-year-old man, identified as Mun, for circulating personal information of 12.3 million people, and is investigating 17 others they suspect have purchased the data. The leak comes just four days after the personal information of nearly 12 million subscribers to KT, the nation’s second-largest mobile carrier, was found to have been compromised.

The police suspect that Mun bought the personal information from December 2012 to January 2013 from a Chinese broker, and resold it to 17 people, including loan brokers, insurance company employees, mobile phone sellers and illegal gambling website operators, earning a profit of more than 10 million won ($9,388).

In the hard drive of Mun’s computer, police also found the personal information of 12.3 million people, including 4.2 million account holders with major mobile carriers, one million from financial institutions and seven million from travel agencies, online shopping malls and gambling websites. The actual number of victims may be lower taking into consideration customer overlap, they said.

The data included the detailed personal information of those individuals, including names, resident registration numbers, addresses, account numbers and phone numbers.

The authorities are investigating whether the data found in the hard drive is consistent with that of the mobile carriers and financial institutions. When the police sent the data to be checked, the relevant financial institutions responded that less than 10 percent of the data matched their customers, while the mobile carriers said that about 50 percent matched. The police also requested the Korea Communications Commission and the Financial Services Commission confirm the data found on the hard drive.

The mobile carriers insisted their main servers were not compromised by this leak, leading authorities to believe that the personal information of cell phone users was not leaked from the headquarters of the three major mobile carriers, but rather from online cell phone vendors by Chinese hackers between December 2009 and September 2013. “Most of the data Mun had seems to be the combination of the items that already existed in the market and ones that were newly leaked,” a police officer said.

In the wake of a series of personal data leaks, critics have argued that the companies that handle the personal information of their customers should be more alert to the possibility of security compromises. Others insist the government must come up with realistic and effective measures to combat leaks.

The police are also investigating whether Mun and the 17 other buyers further distributed the data, and have asked for cooperation from Interpol to find Chinese hackers and brokers.

BY KIM BONG-MOON AND WEE SUNG-WOOK [bongmoon@joongang.co.kr]