Search Engines Become Tool to Access Personal Information

In urgent need of money, J, a 23-year-old office worker, logged onto an online lender website last summer. To open an account, she provided her personal information. After a telephone conversation with the lender, she decided against taking loans because of the high interest rates.

Then, how was it that her personal information was kept?

Dong-A Ilbo ran a search of her name on a portal site.

The search turned up the website address of the lender. When we clicked onto the address, we were directly led to the webmaster’s pages of the lender, where there was not only information about J but also about 5,000 other people who had applied for loans in the previous years.

It included not only such basic information as the applicants’ addresses, telephone numbers, and national IDs, but also their family histories, places of work, property taxes, annual incomes, pay days, and the number of membership years of their healthcare insurance. What is more, such information is being updated in real time as new applications are being filed.

As of October 5, several days after our investigations, the webmaster’s pages have become inaccessible.

Widespread –

The lender is no exception. A 36-year-old woman filed a complaint with the Korea Information Security Agency for breach of private information after discovering that the national ID number that she provided for a members-only website was exposed.

“I demanded them to remove my ID number from the site,” she said. “However, they did not take any action.”

Leaking of private information by a search engine also occurs on “internet cafes” and clubs. A search of “membership lists” and “minutes” leads to access of such private information.

A search of “reserve army drill list” turned up a list of students at a college who are scheduled to take the drill in 2004. The list contains the names of 137 students, their military ID numbers, dates of birth, and majors.

The Personal Data Protection Center classifies such cases as leaking of personal information due to poor technological management. About 11 complaints were filed in 2001, 37 in 2002, and 181 in 2003.

“About half of the complaints are related leaks by search engine searches,” said Yun Soo-young, a researcher at the center.

No Legal Recourse –

Security experts attribute the leaks to the poor security system of the websites.

“When they do not build a website according to security guidelines, citing lack of time or money, such problems are bound to happen,” said Shim Won-tae, who leads the KISA’s anti-online security breach team.

What is more serious is that there is no legal basis to punish the leaking of private information due to poor security.

“It is possible to criminally charge when webmasters deliberately leak information or abuse it,” said the anti-cyber terrorism team member of the National Police Agency. “There is little option for individuals but to file a civil lawsuit for financial or psychological damages.”

Jae-Dong Yu Ji-Won Jun jarrett@donga.com podragon@donga.com