Go to contents

Accident or malicious scheme?

Posted April. 15, 2011 06:17,   

한국어

Customers suffered massive inconveniences after Nonghyup Bank’s network breakdown, the worst network accident in Korean financial history that was not fully repaired even after three days. Through Thursday afternoon, most services such as credit card cash advances, debit card transactions and Internet banking did not resume. Even after repairs, disruptions were found. The worst network glitch in Korea damaged 19 million customers at main offices and up to 30 million if all branches were included.

At 5:10 p.m. Tuesday, a computer instruction that ordered the deletion of the operating system entered the server at Nonghyup Bank headquarters and either deleted system or installed files independently. All financial transactions at the bank stopped for 19 hours. The instruction to delete was confirmed to have been issued from the laptop of an IBM Korea employee, who was in charge of maintaining and repairing the bank’s server. The employee denies wrongdoing. The top priority is to find whether the employee made a mistake or did it intentionally; whether an insider did it by using the employee’s computer; and if an outsider hacked the network. Some say this was not a simple accident.

Financial transactions were stopped by the order to delete the operating system via the computer of an employee of a service provider. This shows that the bank’s network security and management system did not even function as a supervisor. Other commercial banks said such a big breakdown cannot happen as long as more than 100 employees connive to destroy the system.

Even after the accident, Nonghyup flustered and responded belatedly to find the cause and repair the system. The bank, which plans to separate its credit business from economic business next year, poorly managed risks. Prosecutors and the Financial Supervisory Service should catch the hacker who ordered the deletion of files and hold Nonghyup responsible for paying little attention to security. Compensation for customers should follow for the damage done to them as a result of the breakdown.

Fears are growing among customers in the wake of security breaches such as the hacking of the customer database of Hyundai Capital and the network glitch of Nonghyup. Financial institutions must keep customers’ money safe but many do not invest in security as a priority. Yet good news can arise from bad if the incidents raise awareness among financial CEOs and encourage them to beef up security.