Protect information, stop leaks

The recent massive leak of credit card users’ personal information is shocking enough to exacerbate banking customers’ deepening worries about financial institutions’ feeble information-protection systems. What concerns us is not only the enormous size of the leaked personal information, but also the sensitive nature of the information. According to the prosecutors’ investigation, 19 kinds of personal information - including resident registration numbers, bank account information, cell phone numbers, home addresses and credit card numbers of as many as 104 million customers - were leaked altogether.

That means almost all of the customers’ personal information and financial transaction records were stolen. The victims’ woes and anxiety are well understood. Moreover, not only the personal information of credit card holders at the card companies, but also that of the credit card users’ trading partners as well as the financial transaction information on those card companies’ affiliated banks was leaked, according to the prosecutors’ office.

Financial authorities and credit card companies underscore that no financial damage through forged cards is expected for their customers because the “credit cards’ passwords and card validation codes [CVC] were not leaked.” But that explanation hardly calms customers’ growing apprehension. The card companies should take into account the possibility that their credit cards were used overseas for fraud and give a detailed explanation to their customers. Also, they must come up with solutions to prevent any secondary damages through spam messages or “smishing” based on the leaked personal information.

The alarming leak was not done by hackers infiltrating the computer systems of financial companies, but rather by an employee of a credit card information company who had access to the information and wanted to sell it for profit. In other words, the case is not about a traditional siphoning of customers’ private information from financial companies via hackers, but about a bold theft of personal information by a banking company insider who had easy access to that information. That reveals how porous our financial companies’ computer systems are when it comes to protecting their customers’ personal information.

Our financial institutions face daunting challenges on the security front. They must do their best to find the most effective way to prevent such an unfathomable case in the future. In the process, they must consider all the worst-case scenarios so that their customers’ sensitive information won’t be leaked again.

Above all, they must correct their poor recognition of what personal information is all about. Losing their customers’ information is the same as losing their trust, which is arguably one of the most cherished values of the financial world.