[Anchor]
Following the breach at Coupang, a subcontracted worker at the delivery platform Baedal Minjok used stolen customer information to carry out crimes.
With internal leaks at platforms occurring repeatedly, can these breaches be stopped? Reporter Kim Seon-hong reports.
[Reporter]
The Coupang incident, which exposed roughly 33.7 million people’s personal data, was carried out by a former employee.
A similar case has now emerged at another company.
Authorities say an arrested group that offered “retaliation-for-hire” services obtained customer information from the delivery platform Baedal Minjok.
They had associates pose as employees at a Baemin customer-service subcontractor to verify targets’ addresses.
Investigators say about 1,000 records were queried with no connection to customer service.
Baemin, the platform operator, said it requires staff to justify any queries that exceed order volumes and provides annual training.
But either the company lacked an alert system to notify managers when employees accessed personal data outside their duties, or such systems did not function properly.
「Kim Myung-ju / Professor, Department of Intelligent Information Security, Seoul Women’s University」 If stored or queried data have no link to job duties, systems typically flag them as anomalies. Looking at counselors’ access patterns and timing, these should have been predicted in advance, but many warning signs appear to have been missed.
Baemin reported the leak to the Personal Information Protection Commission, moved to terminate the subcontractor’s contract, and said it will comprehensively overhaul how it manages customer-service staff.
As platform customer data continue to be leaked and used in crimes, some experts are calling for tougher penalties—such as higher fines and stricter enforcement—to increase accountability.
「Kim Seung-ju / Professor, Graduate School of Information Security, Korea University」 Construction firms keep subcontracting and then shift blame when accidents happen, so the principal should be held responsible. We already have data protection laws, but if enforcement has been weak, the level of punishment should be raised, much like the approach taken with the Serious Accidents Act…
Some have proposed collecting sensitive personal information, such as legal names, only once at signup for verification and not retaining those records afterward.
This is Kim Seon-hong for Yonhap News TV.
[Video editing: Park Chang-geun]
[Graphics: Jeon Hae-ri]
#leak #Coupang #police #platform #Baemin #data
Yonhap News TV tips/inquiries: KakaoTalk/LINE jebo23
Kim Seon-hong (redsun@yna.co.kr)
