Breach Hits U.S. Forces KoreaDatabase Compromise Affects 16,000
U.S. Forces Korea is notifying more than 16,000 South Korean employees, former employees and job applicants that their personally identifiable information was potentially stolen from two compromised databases. USKF is a division of the United States Pacific Command, a part of the U.S. armed forces responsible for the Pacific Ocean area.
Individuals affected are Koreans who used the Korean National Recruiting System on the Civilian Human Resources Agency website, USFK says.
USFK learned of the theft on May 28 when it was notified by the Civilian Human Resources Agency of a compromise to a server CHRA operates and the possible compromise of two databases where PII for applicant data is stored. The compromised server was removed from the CHRA network, USFK says.
Compromised information includes name, Korean identification number, contact information, education and work experience, according to a letter posted on the USFK website. No banking or credit card data was stored on the server, USFK says. Additionally, no military or defense-related classified information was compromised because the affected system was a human resources recruiting system separate from the military network.
"USFK takes this potential compromise very seriously and is reviewing policies and practices with a view of determining what must be changed to preclude a similar occurrence in the future," Gen. Curtis Scaparrotti, commander of USFK, says in the letter.
USFK will soon send out individual notification letters offering free credit monitoring services to those who request it. A call center has also been set up to address the incident.
Senior leaders at the U.S. Department of the Army and Republic of Korea government officials are working with USFK on the continuing investigation.