Data leaks claim top executives
It is the worst breach of personal data in Korea’s history, involving some 104 million accounts.
The announcement of the resignations came yesterday afternoon, hours after the three card companies - KB Kookmin Card, Lotte Card and NH Card - held a joint news conference earlier in the morning saying they would step up compensation efforts, including full coverage of any financial damage that may occur from the leaks. NH Card CEO Sohn Kyung-ik was the first to announce his resignation to take responsibility for snowballing public anxiety.
Minutes after, KB Financial Group top executives made an even broader announcement. Along with KB Kookmin Card CEO Shim Jae-oh, KB Kookmin Bank CEO Lee Kun-ho and other high-ranking officials also resigned.
Despite the resignations, apologies and guarantees of compensation, customers continued to express fear over financial vulnerability. The Internet was busy with angry customers, and some even claimed they were being hassled by fraudsters as a result of the data leaks.
Political circles chimed in, demanding financial regulators take aggressive action such as imposing penalties on the credit card companies.
Card companies step up compensation
The day after the Financial Supervisory Service held a press conference to try to calm the public about the detailed leak of their personal information, the three card companies held a press conference yesterday morning to apologize for the second time.
They also promised to pay for any financial losses that may result from the leaks.
“If a customer detects and reports any illegal usage of a card, we will compensate,” said KB Kookmin Card CEO Shim. “We will take full responsibility for credit cards that have been duplicated or fabricated.”
The KB Kookmin Card chief, who was the first among the three card companies to hold a press conference, once again apologized to the public, saying that he was ashamed for “leaving a deep scar on our customers’ trust.
“KB Kookmin Card once again apologizes to our customers with our heads bowed down,” Shim said.
Lotte Card and NH Card made similar apologies and constructed plans for compensation.
“Regardless of the time frame, we will fully compensate if our customers suffer any damages related to the leaks,” said Park Sang-hoon, Lotte Card CEO. “I apologize for causing the public anxiety due to the leakage of personal information. This was an incident that should have never happened at a financial institution where customers’ trust is essential.”
NH Card, whose customers are largely civil servants, said it will set up a damage report center for compensation claims.
All three companies said they will offer a free text messaging service that alerts a customer every time something is charged to his or her credit card. That service normally costs 300 won a month.
The three companies also said they will step up services such as opening a 24-hour call center. They vowed to stop all marketing text messages.
The personal data was sold to marketing companies.
“We will step up our personal information security by creating an independent information protection department that is directly managed by the bank’s president,” said NH Card’s Sohn. “Additionally, customers’ personal information will be handled in a separate development area with stronger security, and non-NH developers will have to work only through equipment provided by us.”
Although the personal information leaks were made public a week ago, it was only on Saturday that the card companies launched services on their websites through which customers could check whether their information was leaked. And many customers found that more details were leaked than they were originally told.
To calm the situation, the FSS held a press conference Sunday afternoon in which it stressed that the leaked information was contained and that no damages would be incurred by individuals.
The three companies yesterday repeated the FSS claim that the information was contained and that cardholders’ four-digit confidential passwords and credit verification codes (CVCs) were not leaked, making it impossible for other people to purchase items on the cards.
“We believe the possibility of secondary damage from the breach such as hassling by loan sharks is unlikely since the leaked information has been seized by the prosecutors before it was distributed,” said Shim of KB Kookmin Card.
“Additionally it has been six months since the leak first took place, and yet there have been no reports of damages,” Shim added. “The prosecutors’ office has also reassured us that there has been no distribution of the leaked information.”
Park of Lotte Card stressed that the passwords and CVCs were not leaked, so even if basic information has been distributed, it would be impossible to make duplicate cards.
“I once again strongly reassure our customers that there will be no additional damages related to the case,” Park said. “But the most important thing is to soothe our customers’ anxiety. We will work quickly in taking action.”
However, Park noted that due to the leaked basic information, customers could be exposed to illegal phishing (phone fraud) or smishing (text message fraud) as well as unlawful telemarketing. “Such financial fraud attempts could be made, and therefore we ask customers to take extra precautions,” Park said.
The government and political parties began asking for stronger action.
Prime Minister Chung Hong-won reportedly urged Financial Services Commission Chairman Shin Je-yoon yesterday to step up punishment against any responsible parties, including the possibility of imposing heavy fines on the three card companies
“The criminal punishment on leaking information should be raised significantly so that no one would even dare to attempt taking such action,” the prime minister said.
Under current legislation, financial institutions that fail to protect customers’ information are slapped with a maximum fine of 6 million won.
Samsung Card and Hana SK Card, whose customers’ personal information were leaked in 2011, got away with a warning and a 6 million won ($5,638) fine. So did Meritz Insurance last year.
Both ruling and opposition political parties strongly criticized the information leak and demanded financial regulators step up penalties.
“In a society based on trust, the leak of individual credit information is a crime that should not happen,” said Kim Gi-hyeon, a Saenuri Party lawmaker.
The first thing Miss Kim, a 34-year-old civil servant, did after getting out of bed yesterday morning was log on to the Internet to check if her personal information had been leaked.
Kim has both a Lotte and an NH Card.
“I didn’t give much thought about it until I saw the news and realized how serious the situation was,” Kim said.
Kim couldn’t find out about her personal situation because the servers were down because of customer overload. “Many of my friends said they are heading to the bank to completely cancel their credit cards.”
Many customers expressed dissatisfaction with the actions of the card companies.
“All they are doing is giving a free text message service,” said Mr. Yoo a 38-year-old office worker. “It’s appalling how careless these financial institutions are in handling my personal information.”
BY LEE HO-JEONG [firstname.lastname@example.org]