South Korean credit card firms are being investigated for failing to ensure the security of their clients’ data. Financial bosses bowed in apology as prosecutors said it took a USB stick for a contractor to steal credit card details of 20 million people.
Seoul has launched a probe into how six South Korean financial firms, including KB Kookmin Card, Lotte Card, and NH Nonghyup Card share the information on cardholders and manage their
Photos showed senior executives of three credit card issuers bowing in apology on Monday, as they promised to take legal and moral responsibility for failing to secure the confidential data of their clients. The Financial Services Commission’s (FSC) Chairman Shin Je-yoon was also seen bowing his head for not taking the necessary preemptive measures.
Reports said that heads of the financial companies were offering to resign en masse as the regulators promised stern punitive measures for all the institutions responsible.
Nearly half of the entire country’s population had their card data stolen, the regulator confirmed on Sunday. Names, social security numbers, phone numbers, job details as well as credit card numbers and their expiry dates have been stolen.
For an employee of the Korea Credit Bureau (KCB) – a Seoul-based company that produces credit scores – obtaining the vast database was amazingly easy. The prosecution revealed that the thief, referred to as a 39-year-old Park by the Korea Times, simply copied the data to a USB stick.
According to details of the investigation quoted by the media, Park was authorized to access the database as he was setting up a fraud detection system for several South Korean card firms in early 2012. The KCB maintained he was a long-time “trusted” employee.
In all, the information linked to 80 million credit cards has been stolen, AP reported citing the prosecution. After calculating the overlapping users of different credit card companies and users with multiple cards, the FSS stated the leak affected more than 20 million individuals.
The ultimate reference book of the nation’s cardholders was sold by the IT worker to an advertising agent, ending up in the hands of several marketing firms. The directors of the firms have been arrested, as well as the contractor himself, local media said.
Reports of the scale of the theft surfaced in South Korea earlier in January, prompting cardholders to flock to banks and to overload call centers and service websites with requests about stolen private data. Many demanded that their cards be reissued.
The FSS has maintained that there is so far no evidence any part of the leaked information has been abused.
The FSC head on Monday blasted the credit card companies for failing to provide adequate security for their customers’ data, saying that a task force has also been set up to investigate the impact of the leak.
Seoul also said it will tighten the regulations and ban the collection of resident registration numbers, imposing hefty fines for disseminating them without appropriate legal grounds.
While described by South Korean media as a “historic” data breach, the theft is only the latest to hit the country in recent years. Millions of local telecom subscribers, social network users and hundreds of thousands of bank clients have had their private data stolen in separate hacking incidents.
But the latest incident has apparently raised serious public concerns about how financial firms handle customer information after the FSC revealed that it was unencrypted and that the credit card firms were unaware of the theft until being notified by the investigation. A local customer advocacy group said it would consider filing lawsuits against the credit card companies, demanding compensation for the clients.