[Lawtok News] Even if you sell access logs, is it 'obstruction' of a forensic investigation?

Article posted in 2020-12-15 15:42:50 | VEAT

Law firm Veat’s An Il-won Senior Partner recently conducted an interview related to the leak of the ‘COVID-19 Access Log’ that recently occurred.

For more details, please refer to the RokTalk News article ‘Selling Access Logs Resulted in ‘Hindering’ Investigations?’ at https://news.lawtalk.co.kr/issues/3017.

 

Thank you.

Law firm Veat.

 

On June 26th, after Seoul recorded the largest number of COVID-19 cases to date (213 people), ‘dark files’ were being traded on Telegram. The file names were ‘COVID-19 Access Log,’ and the Excel sheets contained the personal information of tens of thousands of people. It included names, phone numbers, and residences.

“This data was stolen by hacking the Ministry of Health and Welfare and other agencies,” claimed the sellers, who claimed they had stolen a total of 2 million pieces of personal information. The police are currently investigating whether the government agencies were actually hacked. They were reportedly speeding up the seizure of the sellers’ bank accounts on June 25th.

... middle ....

If it was stolen through hacking, it violates the Personal Information Protection Act + the Information and Communication Network Act.

If the hacking is confirmed, the severity of the punishment will be much higher. An Il-won Partner said, “It violates the Personal Information Protection Act (Article 70, Paragraph 2) and the Information and Communication Network Act (Article 48, Paragraph 1). It punishes ‘a person who provides personal information obtained by illicit means for commercial or illicit purposes to a third party’ and ‘a person who illegally intrudes into the Information and Communication Network without legitimate access rights.’

The severity of the punishment will also be much higher. Violating the Personal Information Protection Act (Article 70, Paragraph 2) carries a prison sentence of up to 10 years or a fine of up to 100 million won, while violating the Information and Communication Network Act (Article 48, Paragraph 1) carries a prison sentence of up to 5 years or a fine of up to 50 million won.

While direct responsibility may not be established… the punishment may reflect the COVID-19 situation.

Furthermore, it is difficult to directly apply the Infectious Disease Control and Prevention Act, but nevertheless, “(the hacking or leakage of the access log) will increase the sentence.”

An Il-won Partner said, “Because it exploited the situation caused by the COVID-19 pandemic to deceive the general public, it will be reflected in the sentence,” and Kim Hak-yeong Partner stated, “If there is a need to strengthen punishment in the face of social circumstances, the punishment may be strengthened.”