The Ministry of SMEs and Startups has overhauled its internal management system to strengthen personal information protection, but a data leak occurred in the newly launched "Startup for All" project. A rush to meet deadlines during the project has been cited as one of the causes.
According to a compilation of reporting by ChosunBiz on the 25th, the Ministry of SMEs and Startups (MSS) undertook inspections and improvement work through outside professional organizations over the past two years to enhance the level of personal information protection. The move came after a series of incidents centered on private corporations in which personal information was leaked and files on victims' computers were encrypted, with money demanded for recovery, known as ransomware, leading the ministry to conclude that a response system was needed.
In 2024, when it took the first step to strengthen personal information protection capabilities, the Ministry of SMEs and Startups (MSS) and its affiliated and subordinate agencies managed information from 125 personal information processing systems and 170 files. To ensure safe management, it conducted training for employees and also provided tailored training for personal information protection officers and system operators. It reviewed related directives, guidelines, and procedures, as well as personal information processing systems and files.
Last year, it went a step further by conducting a drill to respond to incidents such as personal information leaks. While holding events to raise awareness of personal information protection, it also explored safe ways to use information by identifying cases of using pseudonymous data and reviewed protection measures. It moved to build a system that manages both the use and protection of personal information, going beyond merely preventing leaks.
But the incident occurred in a new project. Despite efforts to enhance internal personal information protection capabilities, in this year's Startup for All, the idea summaries, judges' comments, email addresses, and other data of 5,000 successful applicants were leaked externally. It is known to have occurred due to a hacking attack on an artificial intelligence (AI) solution corporations that participated as a support vendor for participants.
Some say that as the project was pushed forward on a tight schedule, personal information protection measures may have been deprioritized. With the focus on platform construction and the project launch, security checks were relatively neglected.
In fact, after the government announced the policy direction for the National Startup Era at the "National Startup Era Strategy Meeting" in Jan., the Ministry of SMEs and Startups (MSS) formalized the launch in Mar. with the opening of the Startup for All platform. The first cohort application closed in May, and 5,000 successful applicants were selected this month.
An official at the Ministry of SMEs and Startups (MSS) said, "After this year's National Startup Era policy was announced, we began procedures for Startup for All as an extra budget project, and it was carried out in a short period," and added, "As the platform build, recruitment, and screening proceeded quickly, there may have been areas we failed to fully address during preparation."
Police are currently conducting a pre-booking inquiry (preliminary investigation) into the Startup for All personal information leak. To protect the successful applicants' ideas, the ministry decided to support all of them with free registration for trade secret original certification. Trade secret original certification is a system in which the unique identifier of an electronic document is registered with a certification body to prove the time of existence of the document and the fact of possession.
Noh Yong-seok, first vice minister of the Ministry of SMEs and Startups (MSS), said on the 22nd, "We plan to cooperate so that the causes and impacts of the incident can be identified more thoroughly," and added, "We will prioritize supporting procedures to protect ideas and conduct external investigations and thorough security checks to provide relief and prevent a recurrence."