Hope Bridge Korea Disaster Relief Association, a government-designated disaster relief organization, has suffered a data breach exposing donor personal information, following a similar incident at the Community Chest of Korea (known as "Fruit of Love").
According to government officials and Hope Bridge on the 6th, the organization posted "2022-2024 settlement data" on its website on the afternoon of the 5th of last month. The document contained donors' real names, resident registration numbers, and donation amounts. Approximately 1,000 individuals had their personal information exposed.
Hope Bridge discovered the breach during an internal audit on the 25th of last month, 20 days after the initial posting. The organization removed the post at approximately 4:10 p.m. that day. Two days later, Hope Bridge posted a data breach notification and apology on its website.
"We have confirmed there has been no additional leakage or secondary damage from the breach," the organization stated. "Should any donors suffer damages, we will do our utmost to provide remediation in accordance with relevant laws and procedures."
The Ministry of the Interior and Safety and Korea Internet & Security Agency, which received the report from Hope Bridge, plan to investigate the exact scale of damage and circumstances of the leak.
Earlier this month on the 5th, the Community Chest of Korea experienced a similar incident exposing real names and resident registration numbers of approximately 600 high-value donors who contributed 20 million won or more. The settlement data containing personal information had reportedly been publicly accessible on the website for 11 months since April of last year.
