Korea Post has emerged as the biggest target of cyberattacks among agencies under the Ministry of Science and ICT. Given its nature of handling massive amounts of personal data based on finance and logistics, there is a growing call not only for stronger security but also for expanding liability insurance for damages to cover compensation in the event of an actual incident.
According to data submitted by the Ministry of Science and ICT to the office of Kim Jang-gyeom of the People Power Party, a member of the Science. ICT. Broadcasting. and Communications Committee, on the 28th, the number of detected cyber intrusion attempts at Korea Post and its affiliated agencies from 2020 through the end of Aug. this year totaled 52,656. That amounts to 93.9% of the 56,076 cases recorded across the Ministry of Science and ICT and all 64 agencies under it.
By agency, the lead agency Korea Post recorded the most with 34,757 cases, followed by the Postal Facility Management Agency (POMA) with 8,078, the Postal Logistics Agency(POLA) with 5,408, the Postal Savings & Insurance Development Institute (PoSID) with 1,454, and the Korea POstal Service Agency (POSA) with 2,959.
By intrusion type, data damage or leakage was the most common with about 42,000 cases, and simple intrusion attempts also reached around 10,000. This refers only to the number of attempts identified by the agencies and does not mean that actual hacking led to data leaks or service disruptions.
Analysts say Korea Post and its affiliates have become prime targets because, unlike other research or policy institutions, they hold large volumes of sensitive data such as personal, financial, and logistics information.
Accordingly, there are calls for affiliated agencies to also enroll in personal information liability insurance to prepare for actual breaches. The system mandates insurance enrollment or reserve accumulation so that corporations or institutions can compensate consumers in the event of personal information leakage. While public institutions are not required in principle, institutions with annual sales of more than 150 billion won that handle sensitive information for more than 50,000 individuals or hold personal information on more than 1 million individuals must enroll.
Public institutions are not subject to mandatory application, but those with annual sales of more than 150 billion won that process sensitive information or unique identification information for more than 50,000 data subjects, or that process personal information for more than 1 million data subjects, are required to enroll.
Korea Post falls under the mandatory category and is insured, but among its affiliates, only the Korea POstal Service Agency (POSA) is enrolled. The Postal Facility Management Agency (POMA), the Postal Logistics Agency(POLA), and the Postal Savings & Insurance Development Institute (PoSID) are not enrolled. Meanwhile, among other agencies under the Ministry of Science and ICT, seven, including the Korea Data Agency and the Korea Institute of Civil Engineering and Building Technology (KICT), voluntarily obtained insurance even though they are not subject to the mandate.