The photo shows the headquarters of SGI Seoul Guarantee in Jongno-gu, Seoul on the 16th. /Courtesy of Yonhap News Agency

The complete system paralysis at SGI Seoul Guarantee Insurance, which suffered a ransomware attack, has continued for the third day. SGI Seoul Guarantee urgently implemented emergency measures to allow for 'prior loan, later guarantee', but banks have shown reluctance, increasing the confusion among financial consumers. It is expected to take several more days until normalization.

The Financial Supervisory Service (FSS) plans to conduct a focused inspection of SGI Seoul Guarantee's security system to assess whether sufficient efforts were made to secure stability, including investigating any potential violations of the Electronic Financial Transactions Act. Although still unclear, if personal information leakage is confirmed, a significant penalty surcharge is expected.

According to the financial sector on the 16th, the Financial Supervisory Service (FSS) has been conducting on-site inspections of SGI Seoul Guarantee in conjunction with the Financial Security Agency since the 14th, when the system issue was recognized. Personnel from the FSS's IT Inspection Bureau and the Insurance Inspection Bureau 2, which is the relevant department, have all been dispatched to the site. An FSS official noted, 'For now, we are focusing all efforts on server recovery based on the pre-infection backup data' and added, 'We are also exploring measures to minimize damage to financial consumers whose guarantees have been blocked.'

The data recovery efforts are reported to be less smooth than expected. Initially, it was believed that as long as the integrity of the data was confirmed, the issues could be resolved since backup data was available. However, some of the backup data has also been hacked, indicating that it may take more time until normalization. The initial recovery target set by SGI Seoul Guarantee is for the 17th, but delays seem likely.

Screenshot of the SGI Seoul Guarantee website

Concerns about harm to actual users are significant. SGI Seoul Guarantee requested banks to proceed with lease loans without guarantees, just as before, but there is a reluctance to handle loans at the frontline. An employee from a major bank stated, 'Even if we confirm later that the loan cannot be guaranteed after execution, SGI Seoul Guarantee claims they will take full responsibility, but there are concerns about potential problems, making it difficult to proceed.' They are not accepting new loan applications at all. On the same day, a 38-year-old Mr. Kim, who revealed he was denied a guarantee application for SGI Seoul Guarantee’s lease loan, stated, 'SGI Seoul Guarantee claims they sent documents to the banks to allow for new loans, but I received responses from both banks that applications are currently not possible.'

The Financial Supervisory Service (FSS) has plans to convert the on-site inspection into an examination if signs are found that SGI Seoul Guarantee operated its security system inadequately. According to Article 21 of the Electronic Financial Transactions Act, financial companies must exercise due diligence as good managers to ensure that electronic financial transactions are processed safely. A fine of up to 50 million won can be imposed for failure to meet this obligation. If personal information leakage occurs, the issue becomes more complicated. Penalty surcharges will be imposed under the Personal Information Protection Act, overseen by the Financial Services Commission, and the Credit Information Act, overseen by the Personal Information Protection Commission, with both laws stipulating that penalty surcharges can be imposed at up to 3% of total revenue. Earlier, Kakao Pay was imposed a penalty surcharge of 5.968 billion won from the recent review and 15 billion won from the Financial Services Commission.

An FSS official said, 'We are looking into whether sufficient efforts were made to secure stability,' but added, 'However, it is not the stage to talk about sanctions yet. Right now, we are focusing more on normalization.'

☞Ransomware

A combination of ransom and malware. A hacking method that encrypts all data on a user's network and computer, making it unusable, and demands money in exchange for restoring it. Typically, it demands virtual assets that are impossible to trace.