Go to contents

Personal Data on Thousands of Officials Leaked

Posted August. 22, 2008 08:15,   


The personal data of thousands of officials has been leaked, the government said yesterday, including social security and phone numbers, and personal IDs to access the government data base and raising fears over identity theft.

The Education, Science and Technology Ministry said the personal information files of 7,617 officials who took online education in April was accidentally posted on its Web site, affecting dozens of agencies such as the Board of Audit and Inspection, prosecutors’ offices and the Agriculture, Fisheries and Food Ministry. The files contain the names of government agencies, department titles, work status, names and social security numbers.

The Education Ministry discovered the flaw Monday in a security system check as part of Ulchi Freedom Guardian, an annual computer joint military exercise between Korea and the United States.

The files were immediately deleted from its home page but it was still possible to download the files on certain Web search engines until early yesterday. Thus the personal information of thousands of officials was left online until the flub was discovered almost two weeks later.

An information security analyst at the ministry said, “A security worker discovered the file downloading was possible on Google and deleted the entire source code from the server.”

Internet search engines, however, keep deleted information in their cache servers though data is removed by a delete request from search engine results.

Along with the Education Ministry’s files, the personal information of Public Administration and Security Ministry officials was also leaked. The files are said to contain information on department titles, work status, mobile phone numbers and personal IDs for a database of 106 civil servants at state universities such as Seoul National University.

The same files posted on the ministry Web site contained no phone numbers and personal IDs. Experts say the leaked information was originally filed for internal use.

A security analyst at the Education Ministry said, “I`ve never heard that such information was leaked on the Internet. We have yet to figure out the original source of the leak.”

Certain IT experts say the fundamental reason for the leak was the failure to install a security filtering system that automatically filters personal data when it is posted on its server.

The Education Ministry confirmed that its budget allocated for the purchase of a personal information filtering system this year was postponed to next year, leaving its system server vulnerable.