Data stolen from 95,000 credit card customers

A single information trafficker managed to steal the personal data of more than 95,000 Korean credit card users - and sell it to thieves who created cloned credit cards, police said Sunday.

Police said a Romanian used the Internet to install spyware in point-of-sale systems at 36 large discount stores, restaurants and gas stations in Korea, then stole card information from 95,266 customers last August. The Romanian sold the data to Malaysian traffickers, who in turn sold part of it to four men whom police arrested Sunday.

The men, including one surnamed Eom, told investigators that they bought information about 51 credit cards for 300,000 won ($269), and used it to create cloned credit cards.

The information included 37 numbers and symbols encrypted on a magnetic stripe on the back of the cards, a police officer said.

Malaysian police said the original hacker was arrested and charged with theft, but not before the Malaysian traffickers sold the Korean credit card users’ information all over the world.

Police said 943 credit cards were cloned and used to charge 677 million won in 49 countries. The losses will be borne by the issuing credit card companies and banks, which in turn may seek reimbursement from the card-reading companies whose system the hacker broke.

Police on Sunday asked the Financial Supervisory Service and credit card companies to heighten their security to prevent similar crimes in the future. They also informed the victims of the information leak and advised them to apply for new credit cards.

About 260,000 credit card readers use point-of-sale systems. The first case of point-of-sale hacking in Korea was in 2007.

By Kim Mi-ju, Kang In-sik [mijukim@joongang.co.kr]