Regulator plans to discipline Hyundai Capital over hacking

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://english.yonhapnews.co.kr/business/2011/05/18/55/0503000000AEN20110518003500320F.HTML

Yonhap News Agency
2011-05-18

SEOUL, May 18 (Yonhap) -- South Korea's financial regulator decided 
Wednesday to punish Hyundai Capital Services Inc. for lax computer system 
maintenance, which led to a major hacking attack at the biggest local 
consumer finance firm.

The Financial Supervisory Service (FSS) launched an inspection into 
Hyundai Capital on April 11 after a hacker broke into Hyundai Capital 
between March 6 and April 7, stole personal customer information and 
demanded cash from the company, threatening to leak it on the Internet.

Holding Hyundai Capital accountable for negligence in computer system 
security management, the FSS will submit the case to its disciplinary 
decision committee to decide on the punishment for Hyundai Capital and its 
executives, according to the regulator.

The FSS said data on 1.75 million Hyundai Capital customers was leaked 
during the attack, in which the hacker implanted a malicious program in 
the company's homepage. The program was downloaded onto computers of 
customers who accessed the homepage.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/