In 2013, NSA and President Obama were accused of wiretapping several representatives of various countries around the world as well as illegally collecting personal information of the general public of the United States, which violated their privacy and security. As such information is more or less digitalized these days, there has been a tremendous increase in reported cases of both hacking and information leakage. Statistics show that the approximate number of leakages since 2008 in Korea alone stands at over 200 million, which is equivalent to an average of four cases per person. Recent security breaches in firms (KB card, Lotte card and NH card to list a few) have led to the exposure of millions people’s personal information, causing people to question the degree of data protection in firms.
Confidentiality of personal information is crucial because it literally tells us the identity of a person; this includes identification (ID) numbers, house addresses, and phone numbers. The most significant of all is credit information, which gives data about the financial status or background of a person such as income, wealth, and history of transactions. The possession of such data would allow anyone to go past verification steps before making online transactions without the need of any consent. This means that unwanted expenditure or withdrawal of cash may occur regardless of time and place. Moreover, from the perspective of a firm, personal information may be exploited intentionally to create consumer demand for particular services. For instance, if credit details are made accessible or sold to loan businesses, they will use it to contact those who have history of making delay fee payment to make a loan right around payment deadline. In this way, they will have a higher chance of succeeding in lending cash to the general public. This is the reason why a hidden market exists where illegal transactions of customer database are made. It was found that customers’ personal information leaked from hacking KT homepage recently was used in mobile phone opening services, making total profit of 10 billion KRW in 2013. Why do such cases occur so frequently?
One of the reasons why various firms are so vulnerable to hacking is due to the fact that customers’ ID numbers were not encrypted at all. This has allowed hackers to use a freeware called Paros which uses trial-and-error basis to randomly fit-in ID number under several conditions such as the pattern of the customers’ ID number. This allows hackers to leak over 200 thousands clients’ personal information in a single day simply by running the software. In addition, some firms did not have a proper security system that detects increased rate of data trafficking. Such unusual data access should have been detected by the security system which should alarm the engineering team of respective firms to carry out thorough examination on any signs of a security breach. The frightening truth is that regarding the KT hacking case, hackers logged into the homepage at least 10 million times in 3 months without being detected by the security system; this shows that there was no proper security system set up to prevent such breaches.
As privacy violation becomes a sensitive issue in the 21st century, firms or organizations responsible for personal information ought to have a security system that will prevent any further leakage of private data.