Overhaul information systems

The massive leak of banking customers’ personal information laid bare the security level of our financial institutions. In a shameful dereliction of duty, the financial companies forgot about protecting their customers’ sensitive information. Instead, the companies were busy raking in profits by capitalizing on their clients’ information and utterly porous security control systems. Their typical way of dealing with the crisis - reacting to it and putting the blame on others - deserves harsh criticism. A great number of banking customers now wonder whether they really can entrust financial companies with the management of their money.

Financial authorities, too, must be held accountable for the crisis as they approached the alarming leaks of personal information too slowly. Despite a chain of leaks at not only foreign banks such as Citibank or SC Bank but also at local savings banks and insurance companies, the authorities’ punishment fell way short of our expectations. For instance, a financial company which failed to protect its customers’ personal information received a fine of only 6 million won ($5,639) - along with a verbal warning from the Financial Supervisory Service.

No company will beef up its efforts to safeguard their customers’ personal information under such circumstances. Many still habitually assign information security to outside companies through contracts without fostering the professionalism of their own chief security officers.

As information security is a multidimensional issue, the government needs special measures to fix it. They must have a strong determination to change the security systems from the beginning by strengthening the punishment of perpetrators. If necessary, they should penalize them as if they had leaked state secrets. Above all, the authorities should let the violators know that if they take advantage of the leaked information to gain money, they will lose everything.

The authorities also must put restrictions on financial holding companies’ free sharing of customers’ personal information. Without customers’ consent, financial companies should not be allowed to make money by transferring sensitive information to their affiliates.

Financial institutions must take the recent information crisis as an opportunity to mend their feeble security systems thoroughly. Without such a revolutionary change in their mindsets, our financial world and its watchdogs cannot but repeat the shameful incident when the prime minister came forward to fix the information crisis 12 days after the leaks broke out.