• Journal of Information Technology Services
• /
• v.19 no.4
• /
• pp.13-30
• /
• 2020

Not only does it cause damage to individuals and businesses due to the occurrence of large-scale personal information leakage accidents, but it also causes many problems socially. Companies are embodying efforts to deal with the threat of personal information leakage. However, it is difficult to obtain detailed information related to personal information leakage accidents, so there are limitations to research activities related to leakage accidents. This study collects information on personal information leakage incidents reported through the media for 15 years from 2005 to 2019, and analyzes how the personal information leakage incidents occurring to companies are related to the characteristics of the company. Through the research results, it is possible to grasp the general characteristics of personal information leakage accidents, and it may be helpful in decision making for prevention and response to personal information leakage accidents.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.05a
• /
• pp.273-276
• /
• 2014

In 2014, the leakage of personal information from 3 credit card companies resulted in divulging approximately 10,000 customers' personal information. Although the credit card companies concluded that there was no secondary loss due to the leakage of personal information, secondary financial losses resulting from the leakage of personal information currently occur. In particular, hackers who employ smishing masquerade acquaintances by using the divulged personal information to ask payment for Ms. Kim's Sochi Olympics legal processing or exposed traffic violations. The hackers cause secondary financial losses through smartphones. This study aims to conduct a forensic analysis of smishing incidents in smartphones through the leakage of personal information, and to make a forensic analysis of financial losses due to the smishing incidents.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.1
• /
• pp.215-227
• /
• 2018

As Korea is rapidly becoming an IT powerhouse in the short term, various side effects such as cyber violence, personal information leakage and cyber terrorism are emerging as new social problems. Especially, the seriousness of leakage of personal information, which is the basis of safe cyber life, has been highlighted all over the world. In this regard, it is necessary to estimate the amount of the damage cost due to the leakage of personal information. In this study, we propose four evaluation methods to calculate the cost of damages due to personal information leakage according to average real transactions value, personally recognized value, compensation amount basis, and comparison to similar countries. We analyzed data from 2007 to 2016 to collect personal information leakage cases for 10 years and estimated the cost of damages. The number of cases used in the estimation is 65, and the total number of personal information leakage is about 430 million. The estimated cost of personal information leakage in 2016 was estimated to be at least KRW 7.4 billion, up to KRW 220 billion, and the 10 year average was estimated at from KRW 10.7 billion to KRW 307 billion per year. Also, we could find out the singularity that the estimated damage due to personal information leakage increases every three years. In the future, this study will be able to provide an index that can measure the damage cost caused by the leakage of personal information more accurately, and it can be used as an index of measures to reduce the damage cost due to personal information leakage.

• The KIPS Transactions:PartC
• /
• v.14C no.3 s.113
• /
• pp.199-208
• /
• 2007

In a ubiquitous network environment, detecting the leakage of personal information is very important. The leakage of personal information might cause severe problem such as impersonation, cyber criminal and personal privacy violation. In this paper, we have proposed a detection method of personal information leakage based on network traffic characteristics. The experimental results indicate that the traffic character of a real campus network shows the self-similarity and Proposed method can detect the anomaly of leakage of personal information by malicious code.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.2
• /
• pp.463-474
• /
• 2016

As IT environment has changed, paths of information security in financial environment which is based on IT have become more diverse and damage caused by information leakage has been more serious. Among security incidents, personal information leakage incident is liable to give the greatest damage. Personal information leakage incident is more serious than any other types of information leakage incidents in that it may lead to secondary damage. The purpose of this study is to find how much personal information leakage incident influences corporate value by analyzing 21 cases of personal information leakage incident for the last 15 years 1,899 listing firm through case research method and inferring investors' response of to personal information leakage incident surveying a change in transaction before and after personal information leakage incident. This study made a quantitative analysis of what influence personal information leakage incident has on outcome of investment by types of investors by classifying types of investors into foreign investors, private investors and institutional investors. This study is significant in that it helps improve awareness of importance of personal information security by providing data that personal information leakage incident can have a significant influence on outcome of investment as well as corporate value in Korea stock market.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.10 no.3
• /
• pp.151-159
• /
• 2014

Recently, spread of large amount Smartphones made users to download location-based service applications, which provided by application developers. These location-based service applications are convenient tool for users. Location-based service use technology to find location of user and provide information of user's location. Leakage of information of user's location and expose of privacy life raised new controversy. In this thesis, it will analyze relations of increase of Smartphone market, usage of Location-based service and severity of personal information leakage. Also, it will analyze examples of user's case of damage which caused by leakage personal information and find solutions to reduce damage of personal information leakage. In research, it will find cases of damage that cause by Location-based service. Also it will analyze and research cases of damage and present with graph and chart. In conclusion, to reduce and prevent from damage which caused by leakage personal information, it is important that users and application developers to realize danger of private and personal information leakage. Also, user's personal information must deal with cautiously and application developers have to research and develop the application with powerful security.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.3
• /
• pp.558-575
• /
• 2013

The purpose of a data leakage prevention system is to protect corporate information assets. The system monitors the packet exchanges between internal systems and the Internet, filters packets according to the data security policy defined by each company, or discretionarily deletes important data included in packets in order to prevent leakage of corporate information. However, the problem arises that the system may monitor employees' personal information, thus allowing their privacy to be violated. Therefore, it is necessary to find not only a solution for detecting leakage of significant information, but also a way to minimize the leakage of internal users' personal information. In this paper, we propose two models for representing the level of personal information disclosure during data leakage detection. One model measures only the disclosure frequencies of keywords that are defined as personal data. These frequencies are used to indicate the privacy violation level. The other model represents the context of privacy violation using a private data matrix. Each row of the matrix represents the disclosure counts for personal data keywords in a given time period, and each column represents the disclosure count of a certain keyword during the entire observation interval. Using the suggested matrix model, we can represent an abstracted context of the privacy violation situation. Experiments on the privacy violation situation to demonstrate the usability of the suggested models are also presented.

• Convergence Security Journal
• /
• v.14 no.4
• /
• pp.109-116
• /
• 2014

Personal information leakage in financial corporations including three card corporations has occurred constantly this year. It is due to incomplete encryption system and negligent personal security. Solicitors are known as a cause of information leakage because they operate with leaked information. Information leakage can cause secondary damage with mental demage to person and result in a drop in reliability as well as an operating loss in financial corporations. Also because it can destroy a base of credit society, prevention of recurrence is badly needed. The government finally announced 'general measures for prevention of information leakage in the field of finance' with sanctions reinforcement and restriction to collect, possess, provide personal information as the main agenda. And a related law revision is going in the National Assembly. In this paper, effectiveness of government measures is weighed with the cause analysis of information leakage and countermeasure for prevention of information leakage is found.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.11
• /
• pp.489-494
• /
• 2013

Personal information has been transmitted in a variety of services of Internet environment, but individual users do not know what information is sent. In this paper, we aim to develop a monitoring tool that continuously monitors personal sensitive information in network packets and informs the user whether or not to leak. So we implement a monitoring tool of personal information and analyze the experiment results. In addition, we introduce a prevention of confidential information in company and a leakage prevention of medical information, for applications that take direct advantage. The results of this study, by contributing to prevent leakage of personal information, can help reduce cyber threats variously targeting personal information of users.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.2
• /
• pp.263-277
• /
• 2020

Children's use of the Internet is growing. Each company collects children's personal information. However, it is also difficult for children to recognize the concept of personal information. In this study, based on the analysis of newspaper children's personal information leakage, we investigated the occurrence of personal information leakage in children through ground theory, one of qualitative research methods used in the social science field. The ground theory is thought to be able to derive a causal relationship by identifying the leakage of children's personal information. As a result of the study, it was collected through the consent of the legal representative, but depending on the situation, the consent process was not performed. Even with the consent, it was found that due to insufficient measure to protect personal information, various situation(criminal damage, anxiety, embarrassment, anger, etc.) occurred the legal representative. As a result, children's personal information collection providers paid fines according to the situation.