Marketers, IT contractor arrested in theft of 20 million South Korean credit cards

Filed Under: Data loss, Featured

South Korea credit card image courtesy of Shutterstock, 116809015At least 40% of South Korea's entire population - some 20 million people - have had their names, social security numbers and credit card details ripped off and sold to marketing firms in the nation's biggest-ever theft of personal information.

It's looking like an inside job.

The theft has been traced back to an IT contractor working for a company called the Korea Credit Bureau, which produces credit scores, the BBC reports.

The worker purportedly copied the massive trove of data onto a USB stick.

He's been arrested, along with two managers at the marketing firms who were allegedly willing buyers of the data.

According to the BBC, early reports point to the contractor, an engineer, being able to get his hands on the data courtesy of Korea Credit Bureau's access to databases run by three big South Korean credit card firms.

The Wall Street Journal reports that the chiefs of those credit card firms - KB Kookmin Card, Lotte Card, and NH Nonghyup Card - have publicly apologised for the leaks.

Prosecutors earlier this month alleged that the engineer stole the data between May 2012 and December, according to the WSJ.

Executives at the credit card companies have offered to resign.

One of those resignations - that of the head of NongHyup's card business, Sohn Kyoung-ik - was immediately accepted, while resignations at the other companies are pending decisions from a company board or chairman.

Although the personal information was leaked, it hasn't yet been distributed, Financial Services Commission Chairman Shin Je-yoon told reporters on Monday.

The card issuers said that customers wouldn't be responsible for any future fraudulent charges.

An official at Korea's national financial regulator, the Financial Services Commission, said that the data was easy to steal, given that it was unencrypted and that the credit card issuers didn't know it had been copied until investigators told them about the theft, the BBC reports.

No encryption? Yikes!

As far as insider jobs go, this one's pretty bad if the engineer turns out to be guilty of the crimes with which he's charged.

The data should have been encrypted, and those trusted with handling it should have been a lot more deserving of that trust.

Deep sympathy to the 20 million Koreans targeted because of the security lapses involved in this debacle.

You'd think we'd have learned by now, in the wake of the Bradley/Chelsea Manning "Wikileaks" saga of 2010, in which decades of confidential US State Department cables were siphoned off...

...without anyone noticing that one person had been drawing down unfeasibly large tranches of data onto removable media.

(If you haven't thought about a Data Loss Prevention Strategy yet, now might be an excellent time to do so!)

Here's a sadly-still-relevant podcast from the Wikileaks incident, looking at the question, "How could this have happened?"

(Audio player not working? Listen on Soundcloud.)

Image of South Korea credit card courtesy of Shutterstock.

, ,

You might like

4 Responses to Marketers, IT contractor arrested in theft of 20 million South Korean credit cards

  1. Guest · 627 days ago

    If that can happen there, that has probably happened here in the U.S. - or it will happen here, eventually. Pretty d*mned discouraging!

  2. Anonymous · 626 days ago

    It's a well known fact it happens in Indian call centres all the time.

    • Steve · 625 days ago

      Being such a well known fact, you should have been able to provide a source or two to back up your statement. It's so easy to make a claim like that when you're "Anonymous".

  3. Steve · 625 days ago

    Perhaps if it were standard practice for executives elsewhere to resign under such circumstances, information security would make real advances.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.