FSS investigating possibility of more leaks
“The FSS is currently inspecting financial institutes [that possibly had information leaks] and will take appropriate action,” said Choi Soo-hyun, governor of the Financial Supervisory Service, during his visit to the headquarters of KB Kookmin Card in Jongno, central Seoul, yesterday.
Choi went to the credit card company that made a public apology for poorly managing the personal information of its customers, which led to leaks involving as many as 53 million cards last week.
The Changwon District Prosecutors’ Office found that an employee of Korea Credit Bureau, a private credit rating agency, illegally collected and sold the information of KB Kookmin Card, Lotte Card and NH Card customers to loan marketers while he was upgrading anti-counterfeit systems at the three companies.
Despite previous warnings from the financial authority, the latest incident marked the largest-ever, involving more than 100 million cases.
Prosecutors said the stolen information included names, mobile phone numbers, employers and addresses.
“In the data the FSS received from prosecutors, there is information seemingly related to customers of other companies - some are savings banks and some are subsidiaries of large financial holding groups,” said an FSS official.
In the past five years, there have been other illegal collections and sales of personal information of customers of banks and credit card companies, mostly committed by insiders.
An employee of a Standard Chartered subcontractor secretly removed information on more than 100,000 customers of the bank via a portable hard drive to sell in February 2012.
In 2011, similar incidents were committed by employees of IBK Capital, Samsung Card and Hana SK Card. In the same year, the information of 1.75 million Hyundai Capital consumers was stolen by a hacker.
Companies that have disclosed leaks still have not taken any specific measures to compensate victims.
Under personal information protection laws, companies must notify victims of the details of stolen information, when and how the incident happened and further prevention methods and compensation plans as soon as possible.
However, the three card companies have been unable to discern exactly what information was stolen for the past week.
What they have done is send short emails to customers, explaining the result of the prosecutors’ investigation and the compensation amount if specific damages are found. The companies also posted an apology message on their websites.
Standard Chartered, whose leak was found in December, has not yet notified victims.
In answer to the question of whether the chief executive officers of those card companies would be sacked, Choi said, “If any violation of law is found, the authority will take stringent action.”
On Tuesday, Financial Services Commission Chairman Shin Je-yoon issued a warning that CEOs of financial corporations will have to resign if there such incidents are repeated in the future.
“The authority will impose the strongest punishments on CEOs and executives of responsible companies,” Shin said at a meeting with the heads of financial companies.
Further damage from the recent incident could be inflicted on more consumers who are already concerned about rampant financial fraud through text messages, said an official of the Korea Finance Consumer Federation.
“Text messages under the feigned names of the card companies are being spread across smartphone users already,” the official said. “To have prevented this, the companies should have acted more swiftly.”
A growing number of smartphone users in Korea have fallen victim to so-called smishing or SMS phishing in recent years. Aside from fake wedding invitations, the malicious text messages can be disguised as an invitation to a baby’s first birthday party, a breaking news alert, free tickets or a notice from a court. Clicking the link always leads to a website with malware.
According to data by AhnLab, a leading security software company, 2,433 types of malware had been detected as of August - a drastic jump from 29 in 2012.
The number of smishing-related websites blocked by the Korea Internet and Security Agency, a state-run Internet regulator, rose to 1,289 during the same period.
Losses from SMS phishing increased to 3.5 billion won ($3.3 million) as of last July, according to data compiled by the National Police Agency.
BY SONG SU-HYUN [firstname.lastname@example.org]
More in Finance
[NEWS ANALYSIS] As foreigners rush back, market does an about-face
CU gets into the foreign exchange transaction business
Kospi hits another record high despite Covid spike
5-day winning streak ends as Kospi drops 0.62 percent
Debt is the latest hot product being pushed into the market