It was revealed that SK shieldus belatedly confirmed that some internal documents were leaked in an attack by a hacker group. Critics say the damage was exacerbated because the company overlooked two warnings immediately after the hacking occurred.
According to materials submitted by the office of Choi Su-jin of the People Power Party, a member of the Science. ICT. Broadcasting. and Communications Committee, from the Korea Internet & Security Agency (KISA) on Oct. 20, SK shieldus first received information about hacking of its sign-up service from a hacker group on Oct. 10. It also received the same warning email from the hacker on the 13th, but did not respond, saying there were no abnormalities in the system.
SK shieldus reported that it recognized the breach only after it confirmed at 11 a.m. on the 17th that information related to the company had been posted on the dark web. This was a week after receiving the hacking warnings. The hacking began when a technical sales employee's personal Gmail account (24GB in size) was exposed, and it was said that the issue was an automatic login setting in a security test "honeypot" environment.
The problem was the response afterward. SK shieldus reported to KISA on the 18th that "information leakage occurred due to automatic login to a personal email during a honeypot-based test," but refused all support for damage assessment and follow-up measures. As a result, KISA and the Ministry of Science and ICT are said to be unable to clearly determine the circumstances of the incident at this time.
SK shieldus counts SK Telecom, financial institutions, semiconductor corporations, and public agencies among its clients, raising concerns about secondary damage. Lawmaker Choi Su-jin said, "It is a serious problem that a leading security company in Korea did not know about the hacking for a week," adding, "The Ministry of Science and ICT and KISA should form a joint public-private task force to respond swiftly."