Posted September 06, 2008 00:33
Two multimedia discs containing the personal information of 11.1 million customers of GS Caltex, one of the nation's largest oil refineries, were found on the street, police said yesterday.
Police have not yet confirmed any damage caused by the leak, but this is considered the country's largest leak of its kind given the number of people involved.
In February, the personal data of 10.8 million customers were leaked when the online shopping mall Auction.co.kr was hacked.
The Cyber Terror Response Center of the National Police Agency dispatched two detectives to GS Caltex headquarters in southern Seoul to investigate.
The discs -- one DVD and one CD-ROM, which are believed to have been thrown away -- were found early this month by an office worker in a backstreet trash pile near Gangnam subway station in Seoul.
The DVD contained 76 files in a folder named GS Caltex, including the names, social security numbers, addresses, cell phone numbers, email addresses and workplaces of customers sorted by age. The CD-ROM is believed to be a sample of the DVD as it contains only a few people's personal data.
"We received the CD around 3 p.m. Thursday and have been comparing the personal information with the one stored in our own server," a GS Caltex source told reporters.
"We have tentatively concluded that it is membership information collected for the bonus card issued by our company." The bonus card offers discounts for fill-ups, and is mainly issued by gas stations to compile customers' personal information.
"The bonus card in question contains no credit card or bank account details, as it is a simple card that cannot make purchases," says senior GS Caltex executive Na Wan-bae. "There has been no trace of hacking. And no one has made threatening phone calls using the list."
Experts say a GS Caltex employee likely stole the information for personal purposes, given that there are no signs of hacking and the anti-hacking system is intact.
"For now, we are investigating the case while taking all possibilities into account, including hacking and leaks by its own employee," a police official said. "We can charge both the person who leaked the information and the company for violating the law on telecom networks and information protection."