South Korean regulators Wednesday vowed harsh corporate penalties for data theft, as angry customers swamped credit card offices for a third day after 20 million people had their financial information stolen.
"If an incident like this happens again, the company in question will be shut and its executives will no longer be able to work in this industry," Shin Je-Yoon, the head of the Financial Supervisory Commission (FSC), told reporters.
Shin was reacting to South Korea's largest-ever leak of private financial data that involved three credit card companies and at least 20 million clients—out of a national population of 50 million.
Credit card usage is particularly high in South Korea, where the average adult has four or five cards.
The data was stolen by an employee from personal credit ratings firm Korea Credit Bureau who once worked as a temporary consultant at the three firms. He was arrested earlier this month.
The stolen data included names, social security numbers, phone numbers, e-mail addresses, home addresses, credit card numbers and even personal credit ratings.
Since Monday more than two million victims have cancelled their credit cards permanently or requested new ones.
"Now all my personal data is out there, including my home and office addresses and phone numbers and even my annual income and how many times I was behind on credit card payments in the past," said Grace Choi, a Seoul office worker.
"I'm more than angry. I'll join a class action suit if there is one," she said.
Choi was one of hundreds of Lotte Card customers who packed the company's branch in downtown Seoul to cancel their cards and request new ones.
Most waited for hours, berating harried staff who had been tasked with fielding complaints.
"I came here because their call centres were constantly engaged yesterday," said Won Jong-Hee, a Seoul housewife.
"They say there are some 500 people in line before me and I have to wait seven hours...this is ridiculous," she said.
All special call centres run by the credit card firms were busy and some of their websites could not be accessed due to heavy traffic.
All three announced extended operating hours and vowed to remain open on weekends to handle cancellations.
Shin said the FSC would devise harsher punishments and heavier financial penalties on companies and their executives for future security breaches.
"For instance, we are thinking of about 5 billion won ($4.6 million) in fines, or even up to 1.0 percent of their total sales," he said.
The companies involved in the latest data leak—KB Kookmin Card, Lotte Card and NH Nonghyup Card—will face "the highest level of punishment legally possible", he said, suggesting a possible three-month business suspension.
The companies would be banned from accepting new customers and offering cash advance services to existing clients during the suspension.
Shin sought to quell public concerns, saying the stolen data in the latest case had not been resold to a third party.
He also promised that the credit card firms would be forced to make good on a commitment to fully compensate clients for any financial loss resulting from the theft.
Many major South Korean companies have seen customers' data leaked in recent years, either by hacking attacks or their own employees.
An employee of Citibank Korea was arrested last month for stealing the personal data of 34,000 customers.
In 2012 two South Korean hackers were arrested for stealing the data of 8.7 million customers at the nation's second-biggest mobile operator.
In November 2011 Seoul's top games developer Nexon saw the personal information on 13 million users of its popular online game MapleStory stolen by hackers.
In July the same year, personal data from 35 million users of Cyworld—the South's social networking site—was stolen by hackers.