BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Hyundai Capital admits to unprecedented information leak

From: security curmudgeon <jericho () attrition org>
Date: Mon, 11 Apr 2011 02:51:05 -0500 (CDT)


---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://english.hani.co.kr/arti/english_edition/e_national/472385.html

By Jung Hyuk-june
The Hankyoreh
April 11, 2011

A recently announced hacking incident at Hyundai Capital marked an 
unprecedented systematic accessing of customer financial information by 
hackers, resulting in major aftereffects. The breach in the computer 
network has not only sunk confidence levels to rock bottom for financial 
companies, for whom security is essential, but also spawned concerns about 
secondary effects due to leaked passwords and other information.

Hyundai Capital announced Friday that the personal information accessed 
through the hack consisted of name, email, and cell phone information for 
420 thousand people, approximately 23 percent of all customers, and that 
it bore no direct connection with financial transactions. However, Vice 
President Hwang Yoo-no said Sunday that there was ?a possibility that some 
secret information was hacked, including customer passwords and credit 
ratings,? indicating that it appeared likely that passwords were leaked 
for around 13 thousand customers.

In the past, there have been leaks of financial information amounting to a 
few hundred people through efforts by criminal organizations, but no cases 
such as this one of information being hacked for more than 10 thousand 
people at one time. In short, the company?s security system did not 
function at all. Observers are predicting no major damages in the 
immediate future, as the passwords accessed were for ?minus loan? cards. 
But the possibility does exist for secondary effects since many 
individuals use the same password at various locations when conducting 
transactions with financial companies.

The revelation of systematic criminal efforts by hackers has the potential 
to develop into a problem for the financial world as a whole rather than 
Hyundai Capital alone, as it is impossible to guarantee that the security 
systems of other financial companies such as banks and credit card 
companies are safe either. For this reason, many observers are saying that 
a full reexamination of the security systems for South Korean financial 
companies has become unavoidable.

[...]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/
Previous By Date Next
Previous By Thread Next

Current thread: