▲ Han Seong-sook, Minister of SMEs and Startups and nominee for Prime Minister, delivers remarks at the launch ceremony for the first cohort of 'Startup for All' held at SVC Seoul in Mapo-gu on the 16th.
The data breach involving the Ministry of SMEs and Startups' "Startup for All" project, which resulted in the exposure of personal information and startup ideas of thousands of successful applicants, has been revealed to be the result of a hack by a company participating in the project to support participants, rather than an external attack.
According to a "Personal Information Breach Report" submitted by the Korea Institute of Startup & Entrepreneurship Development (KISED) under the Ministry of SMEs and Startups to Representative Kang Seung-kyu of the People Power Party today (June 21), the institute stated that the breach occurred when "an AI solution company (participating in the project) obtained private email addresses through abnormal API (Application Programming Interface) calls at 9:00 a.m. on the 15th and sent promotional emails to those addresses."
In particular, the report noted that while the private email addresses were not displayed on the external interface, the company was able to acquire them through specific API calls and "web crawling," an AI-based automated data collection function.
Unlike typical hacking incidents where unidentified domestic or international hacker groups attack personal information servers through illegal means, this "Startup for All" breach was perpetrated by a company involved as a project partner.
The AI solution company was responsible for supporting participants in utilizing various AI tools to concretely develop their startup ideas.
KISED explained that although access to such information was blocked on the service interface, security for some server APIs, including participant profiles and evaluation comments, was insufficient.
As a measure to minimize the damage from the breach, the institute announced that it would provide a function on its website for data subjects to check whether their personal information was leaked and establish a dedicated contact window to guide victims and minimize further damage.
Furthermore, it stated that it had notified all 5,000 selected project participants of the breach via text message and reported the incident to the higher supervisory authority.
The leaked items include private email addresses, evaluation comments, and summaries of startup ideas.
However, the institute stated that the exact scale of the leak still requires further investigation.
In relation to this hacking incident, the Ministry of SMEs and Startups plans to hold a briefing tomorrow (June 22) with First Vice Minister Noh Yong-seok as the briefer, under the theme of "Current Status of 'Startup for All' and Future Operational Direction."
(Photo: Yonhap News)
※ Please note: This article was translated by AI and may contain errors.