South Korea’s Citizen ID System Is So Insecure It Will Probably Have to Be Redone

Millions of South Koreans have had their financial data compromised.

Photo by KIM JAE-HWAN/AFP/GettyImages

There have been so many huge data breaches in the United States that it’s starting to feel like nothing is secure. But in South Korea the situation is so bad it’s absurd. About 80 percent of the country’s 50 million citizens have had their government-issued ID number stolen, and 40 percent—including the country’s president—have had financial data compromised as a result of breaches at three credit card companies.

According to the Associated Press, the hacks started in 2004 and have steadily continued ever since. The problem is that the numbers are really easy to guess because they have been assigned using a pattern of birthdays and gender identification since the 1960s. And BBC News reports that citizens can’t change their government ID numbers even once they have been compromised.

It seems that the South Korean government will have to issue new numbers to everyone over 17, which could take 10 years and cost billions of dollars. Geum Chang-ho, a researcher at the government Korea Research Institute for Local Administration, told the AP, “Even if their numbers are leaked, people are unable to change them, so hackers are constantly trying to obtain these numbers and are managing it easily.”

The situation is particularly embarrassing because South Korea is known for investing heavily in technology infrastructure and being extremely tech-savvy (though really, what this says is that cybersecurity is woefully under-addressed pretty much everywhere). Technology researcher Kilnam Chon noted, “The problems [in South Korea] have grown to a point where finding a way to completely solve them looks unlikely.”

Time for a massive overhaul, and maybe a citizen ID program that wasn’t created in the 1960s by a dictatorship that was, unsurprisingly, not particularly concerned about privacy.