Leak panic continues on
As of noon yesterday, nearly 1.2 million requests had been received for cards to be canceled or reissued, according to the Financial Supervisory Service. Cancellation and suspension of credit card requests numbered more than 532,700, while requests for reissuances added up to more than 616,800.
The requests peaked on Monday, with more than 340,000 requests being made to cancel or suspend cards and 462,800 requests made for reissuances.
The government said it will today announce prevention measures, including greater penalties for institutions that fail to secure customers’ personal information.
During an emergency meeting presided over by Prime Minister Chung Hong-won yesterday, the government said it will announce measures such as an overhaul of past practices by both public and private institutions that asked too much private information; immediate deletion of personal information after credit card services are canceled; the blockage of leaked personal information from being used in loan marketing; and the adoption of greater fines for financial institutions that failed to prevent leaks of information.
Under the current law, financial institutions that failed to prevent such leaks were only fined a maximum of 6 million won ($5,603). Such puny punishments were one of the key factors that infuriated the frightened public.
82 million cardholders exposed
Personal information on roughly 82 million accounts is said to have been leaked, according to information provided by the three credit card companies - KB Kookmin, Lotte and NH - during a Monday press conference.
That figure includes multiple accounts of people who have more than one card among the three issuing companies.
If people with numerous accounts are factored in, the number of victims is estimated at around 15 million individuals.
KB Kookmin Card had the largest leak of 43 million accounts. Although the figure excluded corporate and deceased clients, most of the leaks were from KB Kookmin Bank customers rather than KB Kookmin Card customers.
Over 11 million customers of KB Kookmin Bank had their information leaked, while 9.5 million customers of its card company had their details leaked. Information was also leaked from another 22 million people’s inactive accounts. This was personal information KB Financial Group kept even when customers stopped receiving its services. By law, credit card companies can hold on to such records for between 5 and 10 years, depending on which law is applied.
NH Card had the second-largest number of customers with leaked information; nearly 22 million. NH even kept the personal data of people who applied for cards but failed to receive approval for them.
Information on 17 million Lotte Card holders was exposed. That included 2 million expired accounts that still had card points.
In the last two days, cardholders flocked to banks and Lotte offices to cancel credit cards or have them reissued.
Office workers skipped lunch, while others continuously tried to log onto the companies’ websites or tried their luck with call centers. Brick-and-mortar branches had long queues, and websites crashed because of traffic overloads. Call centers had people waiting on hold endlessly.
“I went to Lotte Mart near my apartment to cancel my account the minute the store opened this morning,” said a 64-year-old resident of Jamsil, southeastern Seoul. “Still, they kept me waiting for nearly an hour, which was really frustrating.”
She said she was one of the lucky ones. Some customers at banks had a single card reissued and others canceled. Other customers got new account numbers to replace ones that were leaked.
“These rotten people,” groused a 38-year-old office worker named Lee. “I tried to cancel the only card I have - a Lotte Card - and their website is completely paralyzed. Is there a way I can make them suffer?”
An office worker in her early 30s said she tried to contact a call center, and was kept on hold for 30 minutes. “They should offer an ARS (automated response service) and not connect to a human agent,” the woman said.
On Monday between 9 a.m. and 10:20 a.m., the 1588 service, which connects to call centers, was completely paralyzed according to KT, which offers the service. Traffic far exceeded the daily average amount, KT said.
The frustration of customers was not only because of long waits. Some of the call centers that credit card companies promoted only accepted reports of theft from accounts after business hours, not requests for cancellations or reissuances.
In the case of KB Kookmin Card, its call center was useless after office hours. A recording told people to call back the next day.
Lotte Card redirected callers to centers that only handled emergencies such as lost credit cards. The situation was the same at NH Card.
“I don’t think these people understand the depth of the situation and how angry people are,” said a 38-year-old office worker named Yoo. “I’m really thinking of going back to the Stone Age and only using hard currency.”
CEOs of the credit card companies, as well as the Korea Credit Bureau, which employed the person who leaked the data to a loan marketing company, turned in their resignations hours after a press conference on Monday morning.
NH Card head Sohn Kyung-ik was the first, announcing his resignation at 5 p.m. Minutes later, 27 KB officials, including the bank’s CEO Lee Kun-ho and CEO of the credit card company Shim Jae-oh, announced their resignations. Lotte was the last to join when seven top officials, including CEO Park Sang-hoon, announced their resignations at 9 p.m.
Some demanded strong action against the managements responsible for the leaks. According to the prosecutors’ office, the KCB employee stole the information by using a USB drive sometime between November 2012 and December 2013. Information about NH Card customers was leaked between October and December 2012, while information from KB Kookmin was leaked in June and from Lotte in December. The employee and two others involved have been indicted.
The financial industry is speculating that action could be extended to two foreign banks, Citibank and SC Korea, which had personal information leaks last year. Those incidents have been overshadowed by the recent leaks.
Information on roughly 100,000 SC Korea’s accounts was leaked in February 2012, while information on 30,000 Citibank Korea accounts was leaked in April 2013.
There is speculation that KB will be given the heaviest penalty as it has the largest numbers of accounts exposed.
BY Lee Ho-jeong [firstname.lastname@example.org]