Privacy watchdog probes data leak potentially impacting insurance customers
Published: 08 May. 2025, 15:28
Updated: 08 May. 2025, 18:34
![Personal Information Protection Commission Vice Chairperson Choi Jang-hyuk speaks at a meeting at the government complex in Jongno District, central Seoul on April 23. [NEWS1]](https://koreajoongangdaily.joins.com/data/photo/2025/05/08/ed76b8da-f9d9-4a4c-ba02-9441f9d2c3f5.jpg)
Personal Information Protection Commission Vice Chairperson Choi Jang-hyuk speaks at a meeting at the government complex in Jongno District, central Seoul on April 23. [NEWS1]
Korea’s data protection authority has launched an investigation after two major insurance general agencies (GAs) reported data breaches likely affecting hundreds of thousands of customers.
The Personal Information Protection Commission (PIPC) said Thursday that it had received reports from two insurance GAs — Youfirst Insurance Marketing and Hana Financial Find — regarding potential personal data leaks and has begun an official probe.
GAs are independent insurance sales organizations that broker and sell products from multiple insurers under contract.
Youfirst Insurance Marketing, ranked 16th among domestic GAs by revenue with 140 billion won ($100.4 million) in the first half of last year, is a comprehensive GA handling both life and nonlife insurance. According to its website, it employs over 1,000 insurance planners, suggesting it serves at least several hundred thousand clients.
Hana Financial Find is a GA wholly owned by Hana Insurance, part of the Hana Financial Group. While its revenue figures are undisclosed, it acts as a sales channel for a range of financial products — including insurance, funds and loans — through affiliates such as Hana Bank and Hana Securities.
Authorities fear the breach could have affected not only policyholder data but also financial information tied to other Hana Financial Group services.
“Both companies were compromised via the hacking of administrator accounts used by a third-party vendor responsible for developing and managing their sales support systems,” said the PIPC. “If the GAs maintained delegated contracts with insurers for managing customer data, the compromised information may include sensitive personal details.”
The PIPC noted that even when the data belongs to financial institutions, non-credit-related personal information is still subject to the Personal Information Protection Act.
The commission is currently investigating how the leaks occurred and whether the companies fulfilled their data security obligations.
“If any violations of the law are confirmed, we will take strict action in accordance with relevant statutes,” the PIPC said in a statement.
Separately, the commission will conduct a privacy compliance audit of the integrated solution used by both GAs. Since the provider may have supplied the same software to other insurance GAs, officials are also investigating whether similar vulnerabilities exist across the sector.
“We understand that several other GAs may be using the same sales support system that was hacked,” a PIPC official said. “We plan to take this opportunity to examine the situation thoroughly, though the full scope is still being assessed.”
Translated from the JoongAng Ilbo using generative AI and edited by Korea JoongAng Daily staff.
BY MOON HEE-CHUL [[email protected]]
with the Korea JoongAng Daily
To write comments, please log in to one of the accounts.
Standards Board Policy (0/250자)