Thales Blog

Insider Threat Responsible For Massive South Korean Credit Card Breach – Organisations Still Lack Sufficient Data Controls

January 22, 2014

In the last 48 hours there has been an abundance of news coverage around the data breach at personal credit ratings firm Korea Credit Bureau (KCB). The stolen data – which included names, social security numbers and credit card numbers – belonged to some 20 million South Koreans. To put this into context, that equates to 40 percent of the country's entire population.

While the specifics are still coming to light, the theft was allegedly carried out by a contractor tasked with improving security systems. It is believed the employee smuggled the data out over an extended period of time on a USB stick and later sold the information to phone marketing companies.

In what sounds like a terribly familiar turn of events, readers of this blog series will be quick to recognise this as a classic example of failure to control ‘privileged users’ on corporate networks. Privileged users exist in all organisations and, while their presence is often essential, their actions often carry significant operational risk. These users include ‘Root’ users, domain administrators and system administrators, many of whom are often short-term contractors. They will usually have powerful, privileged network access rights, as they require a high level of access to conduct the essential tasks that they need to perform, such as software installation and system configuration.

As this case at the KCB aptly demonstrates, privileged users can quickly become a security risk when they not only have access to data files stored within computer systems, but also the ability to open those files and read, copy or change them. Unfortunately, as our own research from last October shows, a whopping 73 percent of organisations still fail to block privileged user access to sensitive data. And, yes, that’s October 2013, AFTER the Snowden revelations started making global headlines. Sadly, such a worryingly high statistic indicates we’ll probably be seeing more and more reports of insider-threat-related data breaches in the year ahead.