Year-end tax settlement: personal information of 821 people exposed to others… National Tax Service to notify individuals

Year-end tax settlement simplification service


It was found that the personal information of 821 people was exposed to others due to security loopholes in the National Tax Service’s Hometax Year-end Settlement Simplification Service.

On the 27th, the National Tax Service announced the results of an investigation into errors in the Hometax year-end tax settlement simplification service.

It is expected that the ramifications will be huge as the sensitive personal information contained in the year-end tax deduction data, such as family relationships, medical expenses, and card usage amount, was exposed to others.

The National Tax Service plans to individually notify those whose personal information was exposed, with an apology, and to establish a task force with external experts to take measures to prevent recurrence.

◇ Login was possible with only a resident registration number… Simplified service open for three days

The year-end settlement simplification service was opened at 6 am on the 15th with an error in the simple authentication process through a private certificate.

The simplified service can be used by logging in with a joint or private certificate. This year, two private certificates, Naver and Shinhan Bank, were added to the five already available: Kakao Talk, PASS, Payco, Samsung Pass, and KB Kookmin Bank.

However, in the process of adding the two new private certificates, a defect occurred in the program that links to the certification body.

The login process consists of three steps: ‘Enter user name and resident registration number’, ‘Simple authentication, such as authentication request and reply’, and ‘Verify whether the personal information entered by the user matches the personal information used during authentication’.

For this reason, an error appeared in which the login was completed even when A’s name and resident registration number were entered and authentication was then performed with B’s certificate.

Anyone who knew someone else’s name and resident registration number could log in and view all of that person’s year-end tax settlement data, such as family relationships, medical expenses, and card usage.

This error occurred from the opening of the simplified service at 6 am on the 15th.

The National Tax Service recognized the error on the 18th, three days later, blocked private-certificate login for about 3 hours from 8 pm on the same day, and corrected it, but it could not prevent the personal information exposure that occurred over those three days.



◇ 821 login cases under the name of another person… Individual notification of exposure time and content

After analyzing all login records for the three days during which the system error existed, the National Tax Service revealed that there were 821 cases where the personal information entered by the user and the personal information used during authentication were different.

This means that there were 821 people who entered other people’s names and resident registration numbers and logged in with their certificates to view the data. In the end, 821 people suffered personal information exposure damage.
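The third login step and the log review described above can be sketched as follows. This is an added example, not the National Tax Service's code; the record layout, the field names, the `PEPPER` key and the assumption that the certificate provider returns a verified name and resident registration number are all hypothetical.

```python
import hashlib
import hmac

PEPPER = b"constructed-demo-key"  # hypothetical server-side secret

def rrn_token(rrn):
    """Keyed hash of a 13-digit resident number; None if it is malformed."""
    digits = "".join(ch for ch in rrn if ch.isdigit())
    if len(digits) != 13:
        return None
    return hmac.new(PEPPER, digits.encode(), hashlib.sha256).digest()

def identities_match(entered_name, entered_rrn, cert):
    """Step 3: the identity typed in step 1 must equal the identity the
    certificate provider verified in step 2. Anything missing fails closed."""
    if not cert or not cert.get("verified"):
        return False
    entered, certified = rrn_token(entered_rrn), rrn_token(cert.get("rrn", ""))
    if entered is None or certified is None:
        return False
    same_rrn = hmac.compare_digest(entered, certified)
    same_name = entered_name.strip() == cert.get("name", "").strip()
    return same_rrn and same_name

def audit_logins(records):
    """Replay step 3 over stored login records and return the sessions
    that were issued although the two identities differed."""
    return [r["session"] for r in records
            if r["logged_in"]
            and not identities_match(r["entered_name"], r["entered_rrn"], r["cert"])]

# Constructed sample records (hypothetical layout, not real data).
KIM = {"verified": True, "name": "Kim A", "rrn": "0000000000001"}
LEE = {"verified": True, "name": "Lee B", "rrn": "000000-0000002"}
SAMPLE = [
    {"session": "s1", "entered_name": "Kim A", "entered_rrn": "000000-0000001",
     "cert": KIM, "logged_in": True},   # own certificate: legitimate
    {"session": "s2", "entered_name": "Kim A", "entered_rrn": "000000-0000001",
     "cert": LEE, "logged_in": True},   # B's certificate, A's data: the defect
    {"session": "s3", "entered_name": "Kim A", "entered_rrn": "000000-0000001",
     "cert": LEE, "logged_in": False},  # mismatch correctly refused
]

if __name__ == "__main__":
    print(audit_logins(SAMPLE))
```

The same `identities_match` check serves both as the gate before a session is issued and as the query that surfaces mismatched logins after the fact.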

It is also being further analyzed whether there are similar cases before the opening of the simplified system.

However, it was estimated that most of the leaked cases were data inquiries by family members and acquaintances.

According to the Personal Information Protection Act and standard personal information protection guidelines, the National Tax Service has decided to individually notify 821 people whose data has been viewed by others within 5 days of personal information exposure in writing, by e-mail, or by phone.

Individual notices will include an apology, details of data viewed by others, timing of personal information exposure, future measures, and damage relief procedures.

The National Tax Service also announced that it would prepare measures to prevent the recurrence of similar cases.

First, a personal information protection verification task force (TF) with external experts will be formed to check the status of personal information protection and management for the entire computer system, including this case, and prepare measures to prevent recurrence.

In the process of program development and testing, it was decided to strengthen error verification and to devise measures for diagnosing the appropriateness of personal information protection measures.

The National Tax Service said, “We sincerely apologize to the taxpayers for this incident.”


Copyrights ⓒ Yonhap News. Unauthorized reproduction and redistribution prohibited


