South Korea raises regulatory penalties following massive data leaks

Top execs face dismissal, while financial firms face heavier fines and suspensions as part of proposed measures in the wake of the data breach involving over 20 million credit card customers revealed earlier this week.

South Korea has unveiled a new set of supervisory measures and tighter penalties, following a massive data breach earlier this week involving over 20 million bank customers.

On Sunday, news broke that over 20 million credit card customers had their data stolen.

Under the proposed changes, top executives could face the sack while firms could be fined heavily and be suspended, said the Financial Services Commission (FSC), according to Yonhap News.

The more stringent requirements on financial firms include:

  • Beefing up monitoring of staff and contractors in areas related to data protection
  • Tighter regulations over sharing of customer data between affiliates
  • Choice for users to opt out of data sharing practices with affiliates and third parties
  • Cutting down on required personal information collected such as citizen registration numbers
  • Credit card firms required to delete customer data within a certain timeframe after membership cancelation

The "hastily drawn-up" measures come amid public uproar over poor management of client data by financial firms, noted the report. News broke on Sunday that at least 20 million customers under three credit card firms had their data stolen, reportedly by a temporary employee who later sold the data for 17 million won (US$16,000) to phone marketing companies. The information was taken from the internal servers of KB Kookmin Card, Lotte Card, and NH Nonghyup Card.

FSC plans to suspend the businesses of the three credit card firms for three months, and take punitive action against their top executives, noted Yonhap.