The details of 350,000 South Korean people have been breached following the hacking of the Epson Korea website.
According to the South Korean news agency Yonhap, the breached records contained names, user IDs, passwords and resident registration numbers. Epson Korea said it is trying to track the hackers but has found no trace of them.
In a notice on its website, Epson Korea said: “We have discovered through an internal investigation that the customers' data were leaked. We apologise for causing the trouble.”
This breach follows last month's news that around 35 million South Koreans may had been impacted by a breach of SK Communications, which runs the country's largest social networking site Cyworld and the third-most trafficked search engine. The Korea Herald reported that officials at SK Communications blamed malware that could be traced back to China.
Ross Brewer, vice president and managing director for international markets at LogRhythm, said: “As people across the globe follow the South Korean example and become increasingly dependent on the online world, the amount of sensitive data stored and managed by organisations will increase exponentially.
“The Epson Korea breach is a perfect case in point. The company has come clean about being unable to find any evidence whatsoever left behind by the hackers, indicating that Epson didn't have the visibility required to effectively monitor IT systems and identify anomalous behaviour.”
Paul Vlissidis, technical director of NGS Secure, an NCC Group company, said: “This is the latest in a string of Korean cyber attacks, but has affected an international organisation that many British customers will recognise. It's a timely reminder that any organisation operating worldwide needs to remain aware of local issues and security, to protect both its data and its international reputation. National borders are irrelevant when it comes to cyber security.”
Graham Cluley, senior technology consultant at Sophos, said: “Although you may not care very much if someone can log into your account at Epson, you certainly will care if they can also use the same password to access your other online accounts.
“Malicious hackers could clearly use the information they have stolen in targeted attacks against Epson customers, including spammed-out malware attacks (perhaps posing as driver updates for Epson products) or phishing campaigns. The fact that the hackers have their hands on other personal information belonging to Epson's customers can make any such attack all the more believable.”