South Korea punishes three credit card firms over data heist

Filed Under: Data loss, Featured, Law & order

Image of credit card terminal courtesy of ShutterstockSouth Korean regulators have fined three credit card companies and banned them from issuing new credit cards for three months in the wake of the country's largest-ever data theft last month.

The heist turned out to be an inside job, traced back to one IT guy inside a credit bureau and some dodgy data buyers, all of whom were arrested.

Financial data on at least 20 million people - more than 40% of the country's population - was stolen and sold to marketing firms.

The theft was traced back to an IT contractor working for a company called the Korea Credit Bureau, which produces credit scores.

The worker purportedly copied the massive trove of data onto a USB stick.

He was arrested along with two managers at the marketing firms who were allegedly willing buyers of the data.

Early reports pointed to the contractor, an engineer, being able to get his hands on the data courtesy of Korea Credit Bureau's access to databases run by three big South Korean credit card firms.

Those credit card companies - KB Financial Group, NongHyup Financial Group and retailer Lotte Group - will each be fined 6 million Korean won ($5,658).

The BBC reports that South Korea's Financial Supervisory Commission (FSC) said that the three firms had "neglected their legal duties of preventing any leakage of customer information".

The credit card companies will also be banned from issuing new credit cards for three months, until 16 May 2014.

The chiefs of the credit card firms have publicly apologised for the leaks.

Some executives at NongHyup and KB Financial have resigned, while others at the three companies have offered their resignations.

According to the Wall Street Journal, all three companies said they would try to minimise inconvenience to customers.

Thousands of those customers, roaring mad, swamped branches of the three firms last month, demanding to have their cards cancelled or to have new ones issued, the BBC reports.

The WSJ reports that, pending the completion of investigations, the commission might seek further punishment for company executives and might also seek to double the credit firms' suspensions to six months for future cases.

Image of credit card terminal courtesy of Shutterstock.


You might like

2 Responses to South Korea punishes three credit card firms over data heist

  1. Anonymous · 595 days ago

    Oh, that $5,658 fine is gonna sting.

  2. Stephen H · 595 days ago

    I like the ban on issuing cards penalty - it'll work better than any fine, which really just goes directly to shareholders. The suspension is much more obvious and a heap more painful, and presumably will lead to shareholder demands for the removal of senior staff.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.