Financial authorities are pushing legal amendments to strengthen companies' system security, calling it pivotal to their survival amid a recent hacking and security breach at Upbit and Coupang, the financial watchdog said on Monday.“A regulatory and sanctions framework at least equivalent to that of the Financial Investment Services and Capital Markets Act will be fully introduced through legal amendments to establish system security as a core and essential investment for survival,” said the Financial Supervisory Service (FSS) Gov. Lee Chan-jin during a press conference held in Yeouido, western Seoul, on Monday.The act is a comprehensive law that regulates Korea’s capital markets to ensure fair competition, protect investors and enhance market efficiency.“Discussions are underway with financial authorities on revising the law to comprehensively strengthen areas related to consumer protection — such as system security — which have been relatively lacking,” Lee added.The governor's remarks followed the recent breach of personal information affecting more than 33 million users of e-commerce giant Coupang and the reportedly North Korea-linked hacking of 44.5 billion won ($30.4 million) in cryptocurrency at Upbit, Korea’s largest crypto exchange.Several companies have suffered data breaches this year, including SK Telecom, with the SIM card information of more than 23 million mobile users hacked in April, and Lotte Card, which experienced a leak that exposed the personal informati
Financial Supervisory Service cybersecurity rating report: https://www.rankiteo.com/company/financial-supervisory-service
"id": "FIN1764576187",
"linkid": "financial-supervisory-service",
"type": "Breach",
"date": "4/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': None,
'industry': 'Financial Services (Crypto)',
'location': 'South Korea',
'name': 'Upbit',
'size': None,
'type': 'Cryptocurrency Exchange'},
{'customers_affected': '33 million users',
'industry': 'Retail',
'location': 'South Korea',
'name': 'Coupang',
'size': None,
'type': 'E-commerce'},
{'customers_affected': '23 million mobile '
'users',
'industry': 'Telecom',
'location': 'South Korea',
'name': 'SK Telecom',
'size': None,
'type': 'Telecommunications'},
{'customers_affected': None,
'industry': 'Banking/Payments',
'location': 'South Korea',
'name': 'Lotte Card',
'size': None,
'type': 'Financial Services'}],
'data_breach': {'data_encryption': None,
'data_exfiltration': 'Yes (confirmed for '
'Coupang, SK Telecom, Lotte '
'Card)',
'file_types_exposed': None,
'number_of_records_exposed': ['33 million '
'(Coupang)',
'23 million (SK '
'Telecom)',
'Unspecified '
'(Lotte Card)'],
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (personal and '
'financial data)',
'type_of_data_compromised': ['Personal '
'Information '
'(Coupang, Lotte '
'Card)',
'SIM Card '
'Information (SK '
'Telecom)']},
'date_publicly_disclosed': '2023-11-20',
'description': 'Financial authorities in South Korea are pushing '
'for legal amendments to strengthen system '
'security following recent high-profile breaches. '
'The incidents include a hack at Upbit, where '
'44.5 billion won ($30.4 million) in '
'cryptocurrency was stolen in a North '
'Korea-linked attack, and a data breach at '
'Coupang affecting over 33 million users. '
'Additional breaches this year include SK Telecom '
"(23 million mobile users' SIM card info) and "
'Lotte Card (personal information leak). The '
'Financial Supervisory Service (FSS) emphasized '
'the need for a regulatory framework equivalent '
'to the Financial Investment Services and Capital '
'Markets Act to ensure system security as a core '
'investment for corporate survival.',
'impact': {'brand_reputation_impact': 'High (multiple major '
'companies affected, '
'regulatory scrutiny '
'increased)',
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': ["33 million users' personal "
'information (Coupang)',
"23 million mobile users' SIM "
'card information (SK Telecom)',
'Personal information (Lotte '
'Card, exact number '
'unspecified)'],
'downtime': None,
'financial_loss': '44.5 billion won (~$30.4 million) '
'(Upbit)',
'identity_theft_risk': 'High (personal data of '
'millions exposed)',
'legal_liabilities': 'Potential (regulatory '
'amendments and fines under '
'discussion)',
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': None},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': ['Cryptocurrency '
'(Upbit)',
'Customer Data '
'(Coupang, SK '
'Telecom, Lotte '
'Card)'],
'reconnaissance_period': None},
'investigation_status': 'Ongoing (regulatory discussions and '
'potential legal amendments in progress)',
'lessons_learned': 'System security must be treated as a core '
'investment for corporate survival. '
'Regulatory frameworks need strengthening to '
'address gaps in consumer protection, '
'particularly in data security.',
'motivation': ['Financial Gain (Upbit)',
'Data Theft (Coupang, SK Telecom, Lotte Card)'],
'post_incident_analysis': {'corrective_actions': 'Proposed legal '
'amendments to '
'strengthen '
'system '
'security and '
'consumer '
'protection '
'frameworks.',
'root_causes': None},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'recommendations': ['Enhance regulatory oversight and penalties '
'for security breaches.',
'Implement stricter data protection measures '
'across industries.',
'Invest in proactive cybersecurity '
'infrastructure to mitigate risks from '
'state-sponsored and financially motivated '
'threat actors.',
'Establish cross-sector collaboration for '
'threat intelligence sharing.'],
'references': [{'date_accessed': '2023-11-20',
'source': 'Financial Supervisory Service (FSS) '
'Press Conference',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': 'Legal amendments '
'under discussion '
'(Financial '
'Investment Services '
'and Capital Markets '
'Act)',
'regulations_violated': None,
'regulatory_notifications': 'Financial '
'Supervisory '
'Service '
'(FSS) '
'involved, '
'discussions '
'with '
'financial '
'authorities '
'ongoing'},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': None,
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'threat_actor': ['North Korea-linked (Upbit)', None],
'title': 'Major Data Breaches and Cryptocurrency Hack in South '
'Korea Affecting Upbit and Coupang',
'type': ['Data Breach', 'Cryptocurrency Theft', 'Cyberattack']}