U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

South Korean Woori Bank is accused of unauthorized use of customer data

Unauthorized use of customer information by Woori Bank, ‘crime act’ for customers. The bank changed 23,000 passwords in 2018 without consent. It is controversial that Woori Bank changed the passwords of 23,000 customer dormant accounts without consent in July 2018. The accounts are deactivated if there is no transaction for one year after their opening. […]

Woori Bank

Unauthorized use of customer information by Woori Bank, ‘crime act’ for customers. The bank changed 23,000 passwords in 2018 without consent.

It is controversial that Woori Bank changed the passwords of 23,000 customer dormant accounts without consent in July 2018.

The accounts are deactivated if there is no transaction for one year after their opening. However, some branch employees of Woori Bank modified the passwords and as a result of the operation, the accounts have been reactivated.

This incident has been a major controversy since the media reported, and Woori Bank found that employees’ random passwords were discovered in their audits and reported to the Financial Supervisory Service (FSS), stressing that the operation was conducted by some employees and not by organized criminal gangs.

In this regard, the FSS said, “At the time of (2018), Woori Bank prepared a countermeasure against recurrence and confirmed that there were no similar cases in the whole banking sector. “We didn’t take any action or cover it up for more than a year.”The FSS added, “We are aware of the materiality of the matter and will proceed promptly to take necessary measures such as customer guidance.”

Woori Bank

The incident represents a privacy infringement for customers that did not know about the changes. The FSS has yet to give an explanation as to why it has not communicated to the victims. Article 71 (Penalty) of the Personal Information Protection Act states that a person who impairs, loses, alters, falsifies, or leaks another person’s personal information without proper authority is subject to imprisonment of not more than five years or fined not more than 50 million won.

Woori Bank employees involved in the case activated their dormant accounts by granting temporary passwords to their dormant customers’ accounts, and I think we should follow the FSS’s investigations in the future.

On the other hand, an official of Woori Bank, who met with the SecuN magazine, said, “I think it’s because we are a branch.
Indeed, performance pressures on employees in banks have been controversial. However, no amount of performance pressure can justify such criminal activity.”

In the era of the Fourth Industrial Revolution, when the importance of personal information protection is emphasized worldwide, the irresponsible behavior of banks that handle sensitive personal information and the unresponsive response of related ministries are the individual are worrisome.

This is a trend that shows how low the awareness of information security is.

About the author: 최형주 Hyung-Joo, Choi  Editor

The original post is available on the Secun website:

http://www.cctvnews.co.kr/news/articleView.html?idxno=160196

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Woori Bank, banking)

[adrotate banner=”5″]

[adrotate banner=”13″]