South Korean crypto exchange Bithumb has been prosecuted for its alleged failure to take adequate measures to protect personal information, which was later presumably exploited by hackers to steal funds from the platform. The news was reported by Cointelegraph Japan on June 19.
Prosecutors allege the data breach led directly to the second hack affecting the platform, in which almost $7 million in user funds was stolen.
As Cointelegraph has previously reported, Bithumb first notified authorities of a major data breach in late June 2017, thought to have affected around 31,000 exchange user accounts.
The data leak is believed to have originated from the computer of an unidentified company employee. Alleging that the exchange failed to implement adequate data security measures, prosecutors have charged Bithumb under the information protection article of Korea’s Information Communication Network Act, Cointelegraph Japan reports.
The leaked data of 31,000 Bithumb user accounts in 2017 reportedly included user names, phone numbers, email addresses and crypto transaction histories. Customer IDs and passwords were not, however, compromised.
Specifically, prosecutors accuse Bithumb of having stored customer data on employee computers without encryption, as well as failing to install security update software.
Bithumb issued a formal apology on April 19th, pledging to do its best to protect customers but countering prosecutors’ claims of a direct connection between the data breach and subsequent hack.
This spring, Bithumb suffered its third major hack and lost approximately $13 million in an incident executives have claimed was masterminded by an insider.
A prior hack in summer 2018 was initially thought to have resulted in the loss of as much as $31 million, a figure later reduced to $17 million.
In the wake of this spring’s latest breach, Bithumb conducted a third-party audit of its funds, stating that the stolen cryptocurrency (EOS tokens) were company funds and that it had moved all remaining tokens to cold wallet storage after the incident.