Finance companies to bolster data security

The Financial Services Commission announced measures yesterday to put a stop to a string of incidents involving customer data exposure and systems crashes at financial companies.

The measures will raise CEO accountability and oblige financial companies to offer compensation in the event of a security breach.

The FSC said in a press conference yesterday that the computer security measures will “not be a one-time measure to counteract an incident, but will fundamentally bolster IT security,” and their focus will be to “bring about a shift in executives accountability and reinforce IT security systems.”

The FSC will require all financial CEOs to sign off on corporate IT security plans; make the hiring of chief information security officers (CISOs) mandatory; expand IT security budgets and personnel; step up penalties for data mishaps; and institute mandatory compensation for consumers when the company is found to be in the wrong. The FSC will include consumer loan companies in the new guidelines.

After an adaptation period of about 10 weeks, the guidelines will be heightened to and enforced as regulations by the fourth quarter.

A task force set up on April 19 in the wake of the hacking of Hyundai Capital came up with the measures. It was spearheaded by the FSC and composed of private experts and government officials. The new rules will not be retroactive, barring Hyundai Capital and Nonghyup from punishment for maintaining lax security.

“We believe it would be fair to apply the rules that were in place at the time,” an FSC official said. Some 1.75 million customers were affected by the Hyundai Capital hacking, much higher than the 420,000 that the company originally reported.

By Lee Jung-yoon [joyce@joongang.co.kr]