A contractor handling IT maintenance at schools in Busan has been arrested for illegally accessing female staff members' cloud accounts and leaking hundreds of thousands of personal photos and videos, which he used to produce sexually explicit deepfake content.
The Cyber Investigation Unit of the Busan Metropolitan Police Agency said Friday that it had referred a man in his 30s, identified only as A, to prosecutors in custody on charges of violating the Information and Communications Network Act, the Sexual Violence Punishment Act, and the Youth Protection Act.
According to police, A, an employee of an outsourced firm contracted for IT equipment maintenance at Busan-area schools, is accused of illegally accessing the cloud accounts of school staff members during his visits to the schools from July 2021 to September 2025.
Investigators found that A took advantage of moments when staff members who had requested PC inspections stepped away from their desks, accessing Google Photos and Naver MyBox accounts that had been left logged in. He transferred 221,921 photo and video files to a USB storage device. The victims were identified as 194 female school staff members.
In analyzing mobile phones, external hard drives, USB devices, and PCs seized through search and seizure, police confirmed additional offenses. A is also accused of producing 20 pieces of sexually explicit deepfake content using the leaked photos and videos, as well as illegally filming school staff on 45 occasions.
He was also found to have downloaded and stored a total of 533 files, including child and youth sexual exploitation material, illegal footage, and sexually explicit deepfake content, from pornographic websites.
Police said the case illustrates how serious security gaps can arise during outsourced maintenance work that takes place repeatedly on school premises.
Observers point out that excessive trust in and inadequate oversight of outside contractor personnel can lead to privacy violations, making an urgent review of security systems across educational institutions necessary.
The Busan Metropolitan Police Agency has recommended that the Busan Metropolitan Office of Education strengthen security measures, including setting passwords for PCs and screen savers, logging out of the National Education Information System (NEIS), messenger and cloud accounts when leaving desks, avoiding unaccompanied repair work without staff present, and minimizing storage of sensitive data in shared folders.
"Given the heavy reliance on outside maintenance personnel at schools and public institutions, particular caution is needed regarding the possibility of privacy violations resulting from security gaps," a police official said.
