South Korean credit card firms suspended over data breach

Don't protect your customer data? Don't expect to carry on as normal.
Written by Charlie Osborne, Contributing Writer
credit cnet
Credit: CNET

South Korea's financial watchdog has suspended the activity of three credit-card issuers after the firms failed to prevent a high-profile breach resulting in the theft of data of as many as 104 million cards.

According to the Wall Street Journal, the South Korean Financial Supervisory Commission (FSC) has stopped KB Financial Group, NongHyup Financial Group and retailer Lotte Group from issuing new cards to customers for three months starting on the 16 February. The commission will lift the ban on May 16.

In addition, all three companies will be fined 6 million won ($5,640) for their roles in the breach. It is believed that a temporary employee of the Korea Credit Bureau (KCB), now arrested, stole the data by saving it on a USB stick between October 2012 and December 2013. The former employee then sold this information to phone marketers, of which executives have also been arrested.

The financial data of at least 20 million people was sold to marketing firms after being stolen. As South Korea has one of the highest rates of credit card use -- with adults often owning multiple cards and switching firms for the best deal -- the theft of the personal information of over a quarter of the country's population is no small cybercrime.

The FSC said the companies had "neglected their legal duties of preventing any leakage of customer information," according to the BBC.

As a result of the data breach, which included email and residential addresses as well as I.D. and telephone numbers, the companies have apologized publicly, and some executives have resigned or offered to step down.

Another high-profile breach currently being investigated is the security breach at U.S. retailer Target, where at least 40 million customer records were stolen late last year. Potentially, the data theft was due to a successful phishing campaign which infected the networks of a third-party contractor, which eventually led to the infiltration of Target's point-of-sale systems.

Editorial standards