SEOUL, April 27 (Korea Bizwire) — The South Korean government on Thursday demanded LG Uplus Corp., South Korea’s No. 3 mobile carrier, expand its information security workforce and investment to improve its relatively loose network security, which was breached by unknown hackers earlier this year.
The personal data of 290,000 of the company’s customers, including their names, dates of birth and phone numbers, were leaked in a presumed hacking attempt on Jan. 2.
On top of that, LG Uplus’ network has suffered partial disconnections for a combined five times on Jan. 29 and Feb. 4 due to suspected distributed denial-of-service (DDoS) attacks.
The Ministry of Science and ICT has investigated the case since January and determined the cause of the incident.
The ministry said LG Uplus integrated its personal database system from 2014-2021 but failed to build a proper security system to oversee data flows and limit access to the database.
But the government said it failed to reveal the method of how the hackers penetrated the company’s network, as well as who the hackers were, as the long retention period has already expired.
The ministry noted that the data breach was mainly attributable to LG Uplus’ reluctance to spend on information security, compared with its local rivals.
LG Uplus spent 29.2 billion won (US$21.8 million) on the network security, accounting for 3.7 percent of its total investment last year, while industry leader SK Telecom Co. spent 3.9 percent and KT Corp. posted 5.2 percent, according to the ministry.
The company employed 91 security experts last year, far behind the 336 of KT and the 305 of SK Telecom.
“We demand LG Uplus expand information security personnel and investment to the level of its rivals,” the ministry said. “Also, it should come up with a real-time monitoring system for its network and expand data security facilities.”
(Yonhap)