Sensitive personal information such as the salaries and performance ratings of 5,000 Samsung Biologics employees was leaked during the process of moving a shared folder, when permissions were temporarily lifted.
According to the Samsung Biologics Win-Win Union on the 11th, the incident occurred on the 21st of last month, and it became a topic of discussion inside the company after the union confirmed it on the 6th of this month.
The shared folder used by the company originally had team-based access restrictions so only that team's members could view it. However, during the migration process to move the folder by team unit, some files became viewable from outside.
The industry is raising the question of whether there was a mistake by a human resources team employee, but management believes that restrictions were temporarily lifted due to a technical issue, allowing some employees to access the files. The number of people who accessed them is estimated to be within 10, and the company convened those individuals to retrieve and delete the information and obtained pledges to prevent external leaks. However, some employees did not agree and are said to have provided the information to the union.
The company believes the incident stemmed from a technical issue and is working to determine the exact circumstances and prepare measures to prevent a recurrence.
John Rim, the Samsung Biologics CEO, apologized to executives and employees through a statement the previous day (on the 10th). However, the company has determined that some employees' acts of sharing management and personnel information externally may violate laws and is conducting a separate legal review.
The folder in question was found to contain sensitive personal information such as the resident registration numbers, salaries, and performance ratings of about 5,000 Samsung Biologics employees. Specifically, it included a large amount of sensitive materials: messenger records of instructions from the business support task force (TF), concerns by the head of human resources about the majority union, records of how the People Team and the Management Diagnosis Office reflected performance ratings, management of GD-rated employees (employees who received a specific performance grade), encouragement of voluntary resignations, a new HR system, data on steering performance ratings through the labor-management council, a list of union executives, manipulation of evaluations on Blind (an anonymous office-worker message board), potential evaluations for low performers, and a capital operation guideline for the PS system (a performance-linked compensation system).
The Win-Win Union said on its website, "We requested confirmation of this incident from management on the 6th, but management tried to cover it up by forcibly retrieving members' laptops," and added, "Together with the electronics branch, we will disclose the progress to all employees." It also added, "Within affiliates including Samsung Electronics, follow-up measures to prevent leaks of People Team materials, such as limiting storage of in-house emails, are underway."