A Coupang supply truck seen in Seoul. (Yonhap)
On Thursday, Korean e-commerce big Coupang launched the outcomes of an inside probe into the latest leak of shoppers’ private data, figuring out the particular person behind the leak and claiming that not one of the data had been transferred outdoors of the corporate. However the Korean authorities forcefully objected to the net retailer’s unilateral announcement, asserting that none of its claims had been confirmed.
The Coupang leak is at the moment being reviewed by a joint public-private investigation staff. Coupang’s unconfirmed assertion that the leak didn’t trigger vital hurt is prone to spark controversy as a result of it got here simply earlier than related ministries had been scheduled to debate a possible response in a gathering organized by Korea’s presidential workplace.
At 3:30 pm on Thursday, simply half an hour earlier than the federal government assembly scheduled on the presidential workplace, Coupang despatched out a press launch stating it had “used forensic proof to determine the previous worker who leaked buyer data” and that “all of the units the leaker used to entry and extract buyer data have been safely recovered and secured.”
The corporate stated that the leaker used an inside safety key issued throughout their employment to realize entry to the private data of 33 million prospects, together with their e mail addresses, residence addresses and telephone numbers. However this particular person solely saved private data from about 3,000 accounts on their private desktop and laptop computer computer systems, Coupang stated.
“They didn’t have entry to fee data, login credentials or private customs clearance codes, and there’s no proof that the data [they did steal] was transferred outdoors [of the company],” the corporate stated within the press launch.
“The leaker confessed that they bodily destroyed their laptop computer laptop and threw it into a close-by stream. Primarily based on that testimony, divers managed to recuperate the laptop computer from the stream in query,” the corporate stated.
The Korean authorities objected strongly to Coupang’s announcement.
“We wish to clarify that Coupang’s claims haven’t been confirmed by the joint public-private investigation staff. We lodged a robust protest with Coupang for unilaterally disclosing issues which can be at the moment underneath investigation,” the Ministry of Science and ICT stated in a immediate assertion.
The Seoul Metropolitan Police’s cyber investigation division, which is at the moment investigating the case, additionally commented on Coupang’s claims.
“On Dec. 21, Coupang voluntarily submitted a number of items of proof, together with an announcement supposedly written by the suspect and a laptop computer laptop supposedly used within the legal exercise. We’re rigorously analyzing that proof to evaluate its validity and conducting a radical investigation to find out the veracity of Coupang’s claims,” a police spokesperson stated.
These remarks seem to convey robust annoyance that Coupang took measures into its personal palms and used inside data to determine a suspect and draft a written assertion whereas an investigation into this large-scale leak of non-public data — which occurred attributable to a failure of inside controls at Coupang — and an goal overview of the proof are nonetheless underway.
There are lingering questions concerning the findings of the interior probe that Coupang launched on Thursday. For one, discovering a serious suspect and soliciting testimony whereas legislation enforcement remains to be conducting its personal investigation may quantity to obstruction of an investigation. Contemplating that Coupang has apparently not handed the suspect over to the police, Coupang may have tainted proof by contacting a probable suspect earlier than they may very well be questioned.
Moreover, Coupang didn’t tackle a number of main questions within the case, equivalent to the way it made contact with the previous worker supposedly behind the leak, the place the suspect is at the moment situated, and what their motivations had been. In impact, the e-commerce agency has solely disclosed the claims prone to serve its pursuits within the ongoing investigation and introduced these claims as details.
As well as, Coupang has not supplied an in depth description of the way it performed the forensic evaluation of the laptop computer laptop and different legal devices or what proof it used to verify that the private data was not leaked outdoors the corporate.
One other controversial side of Coupang’s actions is that it leaked the findings of its probe on Christmas Day, a public vacation when authorities businesses are usually not conducting their regular enterprise.
Coupang’s place is that it confirmed that the suspect’s testimony was in line with its inside probe by way of a number of exterior opinions and that it had launched the findings as rapidly as potential to assuage prospects’ issues.
Nevertheless it’s uncertain whether or not the general public might be reassured by this sudden, unilateral assertion after Kim Bom-suk, chairman of Coupang Inc. — the US-based dad or mum firm of Coupang Korea — has been utterly noncooperative, refusing to attend hearings held on the Nationwide Meeting.
Specialists stated Thursday that Coupang’s response has been unreasonable.
“Coupang’s preemptive and unauthorized disclosure of issues which can be at the moment underneath investigation is just not motivated by urgency, however seeks to characterize this incident as merely being the deviant habits of a single former worker,” stated Kim Seung-joo, a professor on the Faculty of Cybersecurity at Korea College, in a Fb put up on Thursday.
“However what the federal government is at the moment making an attempt to find out is whether or not Coupang, given its previous file of great deficiencies with inside controls, has accomplished sufficient to handle and stop related deviant habits by different builders or former workers,” he went on.
Ko Hak-soo, the previous head of Korea’s Private Data Safety Fee, commented on Coupang’s try to border the difficulty as an “inside leak,” with no transmission of recordsdata to the surface.
“A leak refers to a scenario during which private data escapes the administration and management of the data custodian [in this case, Coupang] in opposition to its needs and is accessed and considered by an unauthorized third get together [in this case, the former employee]. Coupang appears to be acknowledging that its prospects’ private data was leaked in violation of the Private Data Safety Act,” Ko stated.
On Thursday afternoon, Kim Yong-beom, the chief secretary for coverage for the presidential workplace, chaired a gathering to debate what measures ought to be taken concerning the Coupang leak with members of the Nationwide Police Company and the heads of related businesses together with Bae Kyung-hoon, deputy prime minister and minister of science and ICT; Track Kyung-hee, chair of the Private Data Safety Fee; and Ju Biung-ghi, chairperson of the Korea Honest Commerce Fee.
The assembly was additionally attended by Oh Hyun-joo, third deputy director of nationwide safety, and Kim Jin-a, second vice minister of overseas affairs. A wider vary of officers had been introduced in amid indications that US-based Coupang Inc. is lobbying American politicians and enterprise figures to assist the corporate keep away from duty for the leak.
A authorities spokesperson stated after the assembly that, together with “finishing up a rigorous investigation and [appropriate] measures,” officers had “agreed to organize basic institutional reforms to forestall hurt to customers.” As well as, they determined that the cross-ministry job power dealing with the Coupang scandal might be expanded and positioned underneath the management of Bae, the ICT minister.
By Search engine optimization Hye-mi, employees reporter; Search engine optimization Younger-ji, employees reporter; Solar Dam-eun, employees reporter; Cho Hae-yeong, employees reporter
Please direct questions or feedback to [english@hani.co.kr]
