S. Korea vows harsh penalties for data leaks

Jan 22, 2014 by Jung Ha-Won
A South Korean customer receives an application form to cancel her credit card at a branch of Lotte Card in Seoul on January 22, 2014

South Korean regulators Wednesday vowed harsh corporate penalties for data theft, as angry customers swamped credit card offices for a third day after 20 million people had their financial information stolen.

"If an incident like this happens again, the company in question will be shut and its executives will no longer be able to work in this industry," Shin Je-Yoon, the head of the Financial Supervisory Commission (FSC), told reporters.

Shin was reacting to South Korea's largest-ever leak of private financial data that involved three credit card companies and at least 20 million clients—out of a national population of 50 million.

Credit card usage is particularly high in South Korea where the average adult has four or five cards.

The data was stolen by an employee from personal credit ratings firm Korea Credit Bureau who once worked as a temporary consultant at the three firms. He was arrested earlier this month.

The stolen data included names, social security numbers, phone numbers, e-mail addresses, home addresses, and even personal credit ratings.

Angry customers

Since Monday more than two million victims have cancelled their permanently or requested new ones.

"Now all my is out there, including my home and office addresses and phone numbers and even my annual income and how many times I was behind on in the past," said Grace Choi, a Seoul office worker.

"I'm more than angry. I'll join a class action suit if there is one," she said.

A South Korean customer fills in an application form to cancel his credit card at a branch of Lotte Card in Seoul on January 22, 2014

Choi was one of hundreds of Lotte Card customers who packed the company's branch in downtown Seoul to cancel their cards and request new ones.

Most waited for hours, berating harried staff who had been tasked with fielding complaints.

"I came here because their call centres were constantly engaged yesterday," said Won Jong-Hee, a Seoul housewife.

"They say there are some 500 people in line before me and I have to wait seven hours...this is ridiculous," she said.

All special call centres run by the credit card firms were busy and some of their websites could not be accessed due to heavy traffic.

All three announced extended operating hours and vowed to remain open on weekends to handle cancellations.

Shin said the FSC would devise harsher punishments and heavier financial penalties on companies and their executives for future security breaches.

"For instance, we are thinking of about 5 billion won ($4.6 million) in fines, or even up to 1.0 percent of their total sales," he said.

The companies involved in the latest data leak—KB Kookmin Card, Lotte Card and NH Nonghyup Card—will face "the highest level of punishment legally possible", he said, suggesting a possible three-month business suspension.

The companies would be banned from accepting new customers and offering cash advance services to existing clients during the suspension.

Shin sought to quell public concerns, saying the stolen data in the latest case had not been resold to a third party.

He also promised that the credit card firms would be forced to make good on a commitment to fully compensate clients for any financial loss resulting from the theft.

Many major South Korean companies have seen customers' data leaked in recent years, either by hacking attacks or their own employees.

An employee of Citibank Korea was arrested last month for stealing the personal data of 34,000 customers.

In 2012 two South Korean hackers were arrested for stealing the data of 8.7 million customers at the nation's second-biggest mobile operator.

In November 2011 Seoul's top games developer Nexon saw the personal information on 13 million users of its popular online game MapleStory stolen by hackers.

In July the same year, personal data from 35 million users of Cyworld—the South's social networking site—was stolen by hackers.

Explore further: 20 million people fall victim to S. Korea data leak

add to favorites email to friend print save as pdf

Related Stories

Target: Customers' encrypted PINs were stolen

Dec 27, 2013

Target said Friday that debit card PIN numbers were among the financial information stolen from millions of U.S. customers who shopped at the retailer earlier this month.

Recommended for you

China blocks 'privacy' search engine DuckDuckGo

12 hours ago

China has begun blocking the privacy-protecting search engine DuckDuckGo, which avoids storing user data or tracking online activity, according to the company and security researchers.

FBI widens probe of naked celebrity photos

12 hours ago

The FBI vowed Monday to widen a probe into the massive hacking of naked celebrity photos if necessary, after new reported leaks including nude shots of Kim Kardashian.

New ZEBRA bracelet strengthens computer security

16 hours ago

In a big step for securing critical information systems, such as medical records in clinical settings, Dartmouth College researchers have created a new approach to computer security that authenticates users ...

CloudFlare tackles lost SSL key risk with Keyless SSL

Sep 19, 2014

Organizations looking for and concerned about optimal security protection are the targets of a new service announced by San Francisco-based CloudFlare. The offering is called Keyless SSL. CloudFlare explained ...

When does Google hand over your data to governments?

Sep 19, 2014

Governments around the world want to know a lot about who we are and what we're doing online and they want communications companies to help them find it. We don't know a lot about when companies hand over ...

User comments : 0