본문 바로가기
K-NEWS

KakaoPay Data Breach Scandal: The Serious Issue of Inadequate Pseudonymization

by Maccrey Korea 2024. 8. 19.
반응형

Recently, it has been revealed that KakaoPay provided over 54.2 billion pieces of personal credit information from more than 40 million users to Alipay, a subsidiary of China's Ant Group, without proper encryption. This incident has highlighted the inadequate data protection practices within domestic fintech companies and underscores the need for stricter privacy protection measures and regulations. In this post, we'll delve into the details of this scandal, the issues at hand, and the necessary steps moving forward.

The Details of KakaoPay's Data Breach

KakaoPay provided personal credit information from over 40 million users to Alipay over the past six years. However, the issue is that this information was not properly encrypted during the process. Information security experts point out that KakaoPay’s encryption methods did not meet even the most basic standards of pseudonymization.

 

Pseudonymization generally involves using encryption and other methods to protect original data. KakaoPay, however, used a publicly available encryption program but neglected essential security procedures like adding random values.

 

The Financial Supervisory Service revealed that KakaoPay used a commonly accepted encryption program but failed to include random values in the encryption function. This omission means that the personal data could potentially be re-identified by Alipay, exposing significant security risks. According to the "Guidelines for Pseudonymization and Anonymization in the Financial Sector" published by the Financial Services Commission and Financial Supervisory Service in 2022, pseudonymized data should include random values to enhance encryption complexity. KakaoPay's disregard for these guidelines has raised considerable concern within the security industry.

The Need for New Privacy Protection Measures and Regulations

This incident underscores the critical importance of data protection. While the pseudonymization system was introduced to promote the development of the data industry, failing to handle pseudonymized data securely only increases the risk of personal data breaches. Experts stress that companies need a thorough understanding of pseudonymization and an ethical responsibility towards data protection. Furthermore, without proper safety measures, the credibility of the entire industry can decline, negatively impacting industrial competitiveness.

 

Data protection is not just a legal obligation but a fundamental element in building trust and enhancing competitive edge. Moving forward, companies must strengthen their compliance systems for data protection by collaborating with external experts and finding more secure data handling methods. Without these efforts, issues like data breaches will persist, posing a threat to consumer trust and the future of businesses.

3 Line Summary for You

KakaoPay’s failure to properly encrypt the extensive personal data provided to Alipay has caused significant controversy. Security experts criticize KakaoPay for not adhering to basic pseudonymization procedures, highlighting the need for improved privacy protection measures. Companies must work with external experts to develop secure data handling practices.

 

공감과 댓글은 저에게 큰 힘이 됩니다.

Starting Google Play App Distribution! "Tester Share" for Recruiting 20 Testers for a Closed Test.

 

Tester Share [테스터쉐어] - Google Play 앱

Tester Share로 Google Play 앱 등록을 단순화하세요.

play.google.com

 

반응형