Shinsegae arm reports leak of personal data involving some 80,000 employees

Seoul, Dec 27 Shinsegae I&C, the information technology (IT) arm of retail giant Shinsegae Group, said the personal data of about 80,000 employees and subcontractors had been breached, but no customer information was compromised.

"We have confirmed that personal data of our employees and staff working at our subcontractors has been leaked from our internal intranet system," the IT company said in a notice to the press about a data breach case.

The affected information includes corporate ID numbers, names, departments and IP addresses of Shinsegae group employees and staff from subcontractors of Shinsegae I&C, the company said, reports Yonhap news agency.

No personal data of customers was compromised, the company added.

Shinsegae first detected the data breach on Wednesday and reported it to the Korea Internet & Security Agency on Friday afternoon.

The IT unit under Shinsegae said it has launched an emergency inspection and took protective measures as soon as the data leak was identified.

A malware infection was reportedly behind the data breach, though the exact cause is not yet known.

"We are currently investigating the exact cause of the incident," a Shinsegae official said.

Shinsegae is a major retailer in South Korea, operating department stores, duty-free stores, discount store chain E-Mart and coffee franchise Starbucks.

Meanwhile, e-commerce giant Coupang said it has recovered all leaked personal information involving approximately 3,000 customers, adding that no data has been transferred to anyone outside the company.

Coupang said it has identified a former employee responsible for the data leak by using forensic evidence, adding that the individual confessed and provided a detailed account of how customer information was accessed, reports Yonhap news agency.

The suspect used stolen security keys to access basic customer information from approximately 33 million accounts, the company said.

However, data from only about 3,000 accounts was actually saved and later deleted by the suspect.

Last month, the government set up a private-public joint team to investigate the data breach at Coupang that affected 33.7 million users.

Disclaimer: This post has been auto-published from an agency feed without any modifications to the text and has not been reviewed by an editor