S. Korea banks required to declare security breach

Financial regulator instructs local financial firms to disclose details in the event of a security breach, including the reason it happened, as part of efforts to beef up network security.
Written by Ellyne Phneah, Contributor
Financial firms must disclose details of the breach, along with reasons it occurred, on their Web sites.

South Korea's financial regulator has instructed local financial companies to declare their security breaches and make details publicly available for a month, as part of the country's efforts to beef up network security.

Choi Soo-hyun, chief of the country's Financial Supervisory Service (FSS) said at a seminar Thursday the management of banks will be held responsible in the event of a security breach found to be due to negligence. The organizations also will have to disclose details of the breach, along with the reasons it occurred, on their Web sites, reported Yonhap News Agency.

No timeframe was provided on when they will need to start doing so. 

"Online banking has grown fast to an extent that it accounts for 80 percent of all financial transactions in the country, with the importance of online security increasing," Choi said.

The FSS also plans to bolster regular inspections on network security at local financial companies by inducing them to invest in more manpower in IT, Choi added.

However, it was not stated how this will be enforced or what the penalty would be if financial firms did not comply with requirements set by the regulator.

The move comes as efforts to ensure a safe online network system are one of the top priorities for South Korean finacial firms, after some Web sites including Shinhan Bank were hacked by an unknown malware in late-March this year.

The FSS along with its supervisory agency, Financial Services Commission (FSC), in April said they were assessing network systems of financial institutions and will introduce measures to strengthen security and better safeguard customer data.

Editorial standards