The Securities and Exchange Commission (SEC) has sent a letter to the information technology executives of all securities business operators and digital asset business operators. Warn to set guidelines for coping and reducing risks that may occur. After the news of bad people claiming to have the personal information of 55 million people, the data set that was exposed and affected includes name-surname, ID card number. Date of birth, address and telephone number
SEC informs regulators involved in capital markets and digital assets In order to prevent the impact resulting from the leak of personal information by the SEC, it is expected that it could happen to the service user. and business operators Is taking advantage of using such datasets to deceive consumers to increase credibility. or use such data sets to steal user accounts, impersonate or falsify identities in an attempt to gain access to various transactions. which will harm the user of the service AND may affect the reputation of the company.
However, to reduce the chance of sick people. Using such a data set for exploitation, the SEC considers it appropriate to notify business operators in the capital market sector to recognize them. and set guidelines for coping If a malicious person takes advantage of the data set mentioned above to imitate various transactions, therefore, preliminary recommendations to take appropriate action are as follows.
(1) Questions used for customer identity verification over the phone should be changed. From the original use of questions that can be found from the information on the identity card Change to more specific questions, such as the last transaction or the last transaction channel, for example.
(2) The questions used for resetting passwords or forgetting passwords should be changed to more specific questions. Replace questions found on ID card page.
(3) Login to access various services on the application page or website should be set to be done on one device only. at any point in the transaction
(4) Strict measures should be taken to receive notifications of changes or amendments to important information. such as mobile phone number deposit account number Or the account number used to receive various benefits receiving documents or email to reduce the chance of bad people changing such information. and take full possession of the user account.
(5) Raising awareness or communicating with service users. Be aware of the channels for receiving information or official contact from your company. including channels for support
