South Korea

손해사정 플랫폼 '사고링크' 개인정보 일부 유출

ZD Net Korea | Local Language | News | Jan. 23, 2026 | Privacy

On January 16, 2026, claims adjustment platform SagoLink disclosed a data breach in which some users' personal information was leaked after related data was posted in an external online space. The company detected signs of the breach on January 14 and quickly conducted an internal inspection, blocking access routes and strengthening security measures. SagoLink reported the incident to relevant authorities, including the Korea Internet & Security Agency (KISA), and is actively investigating the details.

The leaked personal information may include users' names, genders, dates of birth, mobile phone numbers, email addresses, marketing consent status, some accident-related data, and loss estimation information. Sensitive information such as resident registration numbers, login passwords, and payment details were not compromised, as SagoLink does not store unique identifiers, passwords (which are managed via third-party authentication like Kakao Login and Apple Login), or payment information (users deposit directly into virtual accounts).

While the risk of monetary loss or credential stuffing attacks is low, the exposure of names and mobile phone numbers raises concerns about potential phishing and other secondary damages. SagoLink has advised affected users to seek relief through the Personal Information Protection Portal or related institutions and has pledged to prioritize data protection and prevent further incidents, promising timely updates on new developments.

국정자원 화재 교훈 잊었나...민관 '오프라인 백업' 포기

ET News | Local Language | News | Jan. 23, 2026 | Critical Infrastructure Failure

The National Information Resources Service (NIRS) has discontinued the use of offline backups—physical isolation of data—in the Daegu Center's private-partnership cloud (PPP) zone. This decision removes the last line of defense against ransomware and large-scale network outages, despite a recent fire at NIRS's Daejeon headquarters that caused significant operational paralysis. Instead of physical, offline data dispersion using fireproof safes at the Gongju backup center, the three tenant cloud service providers (Samsung SDS, KT Cloud, and NHN Cloud) shifted to an online backup method via the "G-Cloud dispersion network" connecting the Daegu and Gongju centers.

Previously, NIRS stored data on physical media like tapes, kept disconnected from any network to protect against simultaneous compromise of original and backup data by disasters or cyberattacks. The new online backup approach, with continuous network connectivity, raises concerns about vulnerability to combined physical and cyber threats. This practice conflicts with the Electronic Government Act and National Information Security Basic Guidelines, which require remote data dispersion including physical isolation for systems rated "high" in importance. While remote dispersion is technically maintained via online transmission, abandoning the air gap undermines the intended security standards.

Additionally, the globally accepted "3-2-1 rule" for data protection—three copies on two media types with one offline backup—has been disregarded. Cost and administrative convenience are cited as primary reasons for abandoning offline dispersion; cloud service providers resisted the manual handling of physical tapes required by regulations, and government authorities deferred to CSPs' autonomy within the PPP zone contracts. NIRS officials noted they lack authority to impose offline backup mandates in privately operated PPP zones.

Security experts criticize this approach, noting major global cloud providers like Amazon AWS maintain isolated backup services despite additional costs. They emphasize that sacrificing critical security measures for convenience is unacceptable for nationally important data and call for urgent development of alternative protections such as logical air gaps.

Joongang Ilbo | English | News | Jan. 23, 2026 | UndeterminedTech Development/Adoption

Gwangju Metropolitan City has been designated as South Korea's first citywide autonomous driving test zone to accelerate AI-powered vehicle development and close the technology gap with the United States and China. The Ministry of Land, Infrastructure and Transport announced that about 200 self-driving vehicles will operate on public roads across Gwangju starting in the second half of 2026. This initiative is part of a broader economic growth strategy aimed at boosting the country's competitiveness in autonomous driving by utilizing the entire city as a large-scale testing environment, similar to trials in San Francisco and Wuhan.

The government plans to appoint the Korea Automobile Testing and Research Institute to manage the program and will select about three autonomous driving companies through an open call by April. These companies will receive test vehicles based on their technical capabilities, beginning with autonomous driving accompanied by safety drivers and moving toward fully driverless operations after annual reviews. A standardized system will collect and preprocess driving data to train AI, with support for large-scale GPU-based training at the national AI data center. Additional measures include remote monitoring, safety management systems, and a specialized insurance product to mitigate compensation risks from accidents during testing.

South Korea has already implemented advanced regulatory frameworks, including safety standards for Level 3 conditional automation and performance certification for Level 4 automation, but has been limited to smaller testing zones until now. Officials emphasized that larger-scale real-road testing is essential for AI systems that learn from extensive data and make independent driving decisions. Land Minister Kim Yun-duk noted the urgent need to catch up with global leaders, characterizing Korea's current autonomous driving technology level as elementary compared to more mature development in the U.S. and China.