Personal information has been leaked from the official webmail systems of national universities across the country, including Pusan National University (PNU). While  PNU claims that no significant damage has been caused, the lack of details regarding the scale of damage and the cause of the breach has raised concerns among users.

On March 7th, according to PNU and the Ministry of Education, a data breach occurred in January, affecting the webmail systems of five universities, including Gangneung-Wonju National University, and nine other institutions. The breach resulted from security vulnerabilities in the cloud webmail system provided by Mailplug Inc., PNU’s webmail service provider. However, the Office of Information Technology and Services of PNU has stated that the university was not directly affected by the leak.

However, as the exact circumstances and extent of damage regarding this sensitive information leak have remained unclear, the school webmail users have been anxious. Typically, institutions disclose details such as the date and scale of the breach, and its cause when a data leak happens, but in this case, only the affected institutions and the types of leaked information have been revealed. PNU student A (Dept. of Political Science and Diplomacy, 22) questioned, “I wonder what critical information could have been leaked, which would directly impact security.”

It remains a concern that leaked data is vulnerable to misuse. The compromised information includes names, email addresses, and phone numbers, which could be exploited for spam emails, phishing scams, and smishing attacks. PNU Student B expressed a concern, stating, “After the recent Kakao data leak, I’ve been receiving an increasing number of phishing messages. My worry is  that PNU’s webmail system could also be at risk.”

PNU’s webmail system still remains vulnerable to security threats. Since PNU does not operate its own webmail system and instead relies on Mailplug Inc., it has limited control over security measures such as firewalls and security patches. The Office of Information Technology and Services implemented a password change policy on February 26th and pledged to continue monitoring security risks. An office official stated, “PNU undergoes regular security evaluations, and the number of security incidents remains low. We also conduct periodic security patches.”

Experts warn that both webmail users and system providers must take precautions. Users must comply with rules such as setting passwords according to guidelines, changing passwords periodically, and avoiding emails from unclear sources. Meanwhile, system providers should enhance security by enabling multi-factor authentication, implementing spam reporting functions, and using email categorization tools to prevent cyber attacks. Choi Yoon-Ho (Prof. of Computer Science and Engineering, PNU) noted, “Security can be strengthened when the three elements of user convenience in mind, user security awareness training, and system support work together in harmony.”

Reporter Jeong Su-Vin

Translated by Seo Yoo-Jung