"Recipient Information Not Included"
Unauthorized External Breach on June 4

BGF Networks Personal Information Leakage Notice. Screenshot of BGF Networks Homepage

BGF Networks Personal Information Leakage Notice. Screenshot of BGF Networks Homepage

View original image

BGF Networks, the operator of CU convenience store parcel delivery services, has confirmed a personal information leak and issued an apology.


According to BGF Networks on June 5, personal information related to CU convenience store parcel delivery was leaked on June 4 due to a hacker attack. The leaked information reportedly includes IDs and passwords, names, dates of birth, gender, addresses, email addresses, and mobile phone numbers. The leaked data is limited to information about online member customers, and does not include information of third parties such as recipients entered during parcel shipment.


Through the CU POST website, BGF Networks stated, "We deeply apologize," and explained that at around 3:30 p.m. on June 4, an unidentified hacker gained unauthorized access to the system and leaked personal information. The company said it promptly blocked the attacker's IP address and completed security measures as soon as it became aware of the incident.


BGF Networks also announced that it has activated its incident response team, is overhauling its security policies, and has reported the breach to relevant authorities, including the Personal Information Protection Commission and Korea Internet & Security Agency (KISA).


Because users' home addresses and mobile phone numbers were fully exposed due to the nature of the parcel delivery service, there is a high possibility that this information could be exploited for additional financial scams such as smishing or voice phishing in the future. BGF Networks stated, "Passwords are encrypted and therefore secure, but if you use the same password on other sites, please change your password for your safety."


Recently, personal information leaks have been occurring repeatedly. Just two days ago, there was a large-scale hacking incident at the online video service (OTT) platform Tving, which shares a similar pattern with the current CU convenience store parcel delivery information leak.


Previously, Tving announced that on June 2, a hacker accessed its database containing personal information through unauthorized external access and that personal information files were actually transmitted outside the company. The personal information hacked from Tving is known to include IDs, names, dates of birth, gender, mobile phone numbers, email addresses, passwords, as well as linked information (CI) and duplicate subscription verification information (DI) used as alternatives to resident registration numbers, and refund account numbers used for media payment refunds.


Hot Picks Today

"Let's Double with Samsung and SK hynix": Retail Investors Dump Semiconductor ETFs for Samsung and SK hynix Leverage Products "Let's Double with Samsung and SK hynix": Retail Investors Dump Semiconductor ETFs for Samsung and SK hynix Leverage Products

Tving received the personal information leak report at around 2:00 a.m. on June 3 and immediately launched an investigation. The Ministry of Science and ICT has classified the Tving leak as a "major security incident" with a very high risk of large-scale data leakage and further damage, and has formed a joint public-private investigation team to conduct a thorough investigation into the cause. The Personal Information Protection Commission also plans to investigate the specifics of the leak, the scale of the damage, and whether safety measures required by the Personal Information Protection Act were followed, through both data submission requests and on-site inspections.


한글 기사 보기
This content was produced with the assistance of AI translation services.

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.

Today’s Briefing