South Korean credit card firms are being investigated for failing to ensure the security of their clients’ data. Financial bosses bowed in apology as prosecutors said it took a USB stick for a contractor to steal credit card details of 20 million people.
Seoul has launched a probe into how six South Korean financial
firms, including KB Kookmin Card, Lotte Card, and NH Nonghyup
Card share the information on cardholders and manage their
security.
Photos showed senior executives of three credit card issuers
bowing in apology on Monday, as they promised to take legal and
moral responsibility for failing to secure the confidential data
of their clients. The Financial Services Commission’s (FSC)
Chairman Shin Je-yoon was also seen bowing his head for not
taking the necessary preemptive measures.
Reports said that heads of the financial companies were offering
to resign en masse as the regulators promised stern punitive
measures for all the institutions responsible.
Nearly half of the entire country’s population had their card
data stolen, the regulator confirmed on Sunday. Names, social
security numbers, phone numbers, job details as well as credit
card numbers and their expiry dates have been stolen.
For an employee of the Korea Credit Bureau (KCB) – a Seoul-based
company that produces credit scores – obtaining the vast database
was amazingly easy. The prosecution revealed that the thief,
referred to as a 39-year-old Park by the Korea Times, simply
copied the data to a USB stick.
According to the details of the investigation quoted by the
media, it has been revealed that Park was authorized to access
the database as he was setting up a fraud detection system for
several South Korean card firms in early 2012. The KCB maintained
he was a long-time “trusted” employee.
In all, the information linked to 80 million credit cards has
been stolen, AP reported citing the prosecution. After
calculating the overlapping users of different credit card
companies and users with multiple cards, the FSS stated the leak
affected more than 20 million individuals.
The ultimate reference book of the nation’s cardholders was sold
by the IT worker to an advertising agent, ending up in hands of
several marketing firms. The directors of the firms have been
arrested, as well as the contractor himself, local media said.
Reports of the scale of the theft surfaced in South Korea earlier
in January, prompting cardholders to flock to banks and to
overload call centers and service websites with requests on
stolen private data. Many demanded their cards to be reissued.
The FSS has maintained that there is so far no evidence any part
of the leaked information has been abused.
The FSC head on Monday blasted the credit card companies for
failing to provide adequate security for their customers’ data,
saying that a task force has also been set up to investigate the
impact of the leak.
Seoul also said it will tighten the regulations and ban the
collection of resident registration numbers, imposing hefty fines
for disseminating them without appropriate legal grounds.
While described by South Korean media as a “historic”
data breach, the theft is only the latest to hit the country in
recent years. Millions of local telecom subscribers, social
network users and hundreds of thousands bank clients have had
their private data stolen in separate hacking incidents.
But the latest incident has apparently raised serious public
concerns on how financial firms handle customer information after
the FSC revealed that it was unencrypted and that the credit card
firms were unaware of the theft until being notified by the
investigation. A local customer advocacy group said it would
consider filing lawsuits against the credit card companies,
demanding compensationfor the clients.