How can one keep personal info safe on the Internet?
Private information about 6 million subscribers of Hanaro Telecom, a broadband service provider, was illegally sold from 2006 to 2007.
The discovery of these data violations have prompted calls for strengthening protections and greater caution among consumers about online personal information.
If your personal information is leaked or illegally traded, you might become the victim of serious invasions of privacy. Such data as your name, birth date, residence registration number or address must be secure at all times.
Experts say one of the biggest causes of this problem is companies’ excessive collection of their customers’ personal information.
They use the information to analyze customers’ interests and tastes, but they don’t usually pay much attention to protecting this sensitive information.
The South Korean government’s budget for information protection is less than half that of advanced countries.
The government has said it will increase the budget by 9 percent over the next four years.
The Internet real-name system in which online users have to submit their residence registration numbers to sign up for a Web site is thought to be behind many of the leaks.
Personal information is stolen through hacking, illegal trade or unauthorized use.
Hackers use software known as spyware, which is surreptitiously installed on a personal computer where it intercepts data.
Wireless Internet connectivity has also become a tool for hacking.
On May 11, police arrested three suspects on charges of attempting to hack into the internal servers of Hana Bank and Korea Exchange Bank.
The Korean suspects, ranging in age from 25 to 51, allegedly parked their car in the parking lot of a Hana Bank branch in Myeong-dong, central Seoul, around 12:50 a.m. on May 10.
They are thought to have tapped into data from the bank’s wireless Internet connection on the building’s 6th floor.
The suspects acquired the bank manager’s ID and encoded password. The manager was using a computer with a wireless connection.
The hackers then went to the headquarters of the Korea Exchange Bank in Euljiro 1-ga, central Seoul, and attempted to hack into the bank’s server through a wireless Internet connection, police said.
In some cases, company staff take customers’ personal information and illegally sell it to other companies.
In April, Hanaro Telecom was found guilty of selling the residence registration numbers, addresses, phone numbers and other personal information of 6 million of its customers, without their consent, to telemarketing companies.
When personal information is leaked, victims might suffer financial damage or become targets of other crimes.
For instance, telemarketing companies send spam mail to e-mail addresses and cell phone numbers acquired illegally.
“Since companies ask online users to submit their residence registration numbers to verify their real names, it is difficult to protect personal information,” said Lee Pil-joong, a professor of engineering at Pohang University of Science and Technology and chairman of the Korea Institutes of Information Security and Cryptology.
“It is necessary to reduce the number of Web sites which require online users to submit resident registration numbers,” Lee said.
To address the problem, the i-Pin, or Internet Personal Identification Number, was introduced in 2005.
Online users are allowed to subscribe to some Web sites by submitting their i-Pin.
“We can prevent the leakage of personal information by ending the use of residence registration numbers on the Internet,” said Kim Hyeon-sung, a lawyer representing victims whose personal information was leaked through Auction.
“A person’s residence registration number never changes throughout his or her life; therefore, hackers target the number as a key to unlock all other personal information,” Kim said.
The residence registration number contains a person’s gender, age and birth date.
With this number, hackers can gain access to everything about that person, from medical to shopping records.
It doesn’t help that many people use the number when they create IDs or passwords for logging on to Web sites.
The i-Pin however, is a 13-digit number, which does not carry any information about the holder’s gender, age or birth date.
Online users can also easily change their i-Pin.
“To encourage more people to use i-Pin instead of a residence registration number, it is necessary to change the laws and regulations regarding online transactions, information and communications and the Internet real-name system,” said Seong Dong-jin, an official at the Korea Internet Corporations Association.
Civic groups and academics have raised a more fundamental issue. They argue that Web sites should stop the practice of asking online users for detailed personal information.
For example, to join Naver, the country’s largest portal site with a membership of 31 million, online users must reveal their names, e-mail addresses and residence registration numbers.
“In other countries, you can buy goods on Internet shopping sites by just providing a credit card number,” argues Jang Yeo-gyeong, an official at JinboNet, a civic group.
“Since it is possible to steal or illegally use the i-Pin of another person as well, we need to change the practice of collecting excessive personal information,” Jang said.
Lee Gang-sin, the head of the personal information protection team at the Korea Information Security Agency, emphasizes that “Most of all, people need to thoroughly protect their personal information.”
Online users can create their i-Pins at the Web sites of the Korea Information Service (www.vno.co.kr), the National Information and Credit Evaluation (www.idcheck.co.kr), the Korea Information Certificate Authority (www.signgate.com), Seoul Credit Rating and Information (www.siren24.com) among other government agencies, by verifying their names.
But in order to verify their real names, online users must submit their residence registration number as well as cell phone and credit card numbers or online certificates issued by their financial institutions.
By Lee Na-ree, Kim Chang-woo JoongAng Ilbo [email@example.com]