Hearing on data leaks just deepens the mystery
Lawmakers held the hearing at the National Assembly and invited everyone involved in the case. The star of the show was a man identified only by his surname, which is Park, who worked for the Korea Credit Bureau.
He admitted that he sold personal information attached to more than 100 million accounts of three major credit card companies - KB Kookmin Card, Lotte Card and NH Nonghyup Card - to a man surnamed Cho, the largest shareholder of a financial product advertising agency.
The data was going to be used to advertise loans to the cardholders whose personal information was sold.
Park, 39, said he didn’t realize he had stolen so much information from his employer since he assumed much of it would be encrypted.
He said he was paid 16 million won by Cho, but the money wasn’t his main motive. He said it was “an act of sudden impulse without prior collusion.”
Park wore a face mask and a baseball cap that partly obscured his face.
Prosecutors and the credit card companies said the data that was leaked has not spread beyond Cho’s company and that there was no evidence that Park used the data for other purposes. In addition, they said CVC numbers on the credit cards and passwords weren’t leaked.
Kim Gi-juhn, a lawmaker from the Democratic Party, questioned the logic of Park’s story.
“Park earns 80 million won a year,” Kim said, so why would he commit such a huge crime for 16.5 million won?”
Other lawmakers said there were a lot of connections between Park and the ad agency.
The Democratic Party’s Kim Young-joo revealed that Park was an executive of the ad agency until late 2012. He also said the company’s owner, surnamed Chang, was Park’s schoolmate.
“This ad agency would have needed a lot of information about individuals for marketing,” Kim argued. “There is a high possibility of the leaked information being used by this company.”
Experts on information security present at the hearing warned that the information that was stolen was still a risk.
“No one should let down his or her guard even though there is no evidence of the information being stolen,” said Moon Song-cheon, a professor at Korea Advanced Institute of Science and Technology. “We should also look at fundamental problems with the nation’s resident registration system.” Analysts say Korea’s resident registration numbers contain too much information on each individual, such as date of birth, gender and hometown.
“Park should have known the value of the information,” said Lim Jong-in, dean of the Graduate School of Information Security at Korea University. “He had the technical ability and also a lot of friends.”
Lim said it was impossible to believe that some harm wouldn’t come from the leak of all that personal data.
The heads of the card companies at the center of the scandal were also criticized by lawmakers.
The DP’s Kim Ki-sik argued that the chairman of KB Financial Group, Lim Young-rok, needs to take responsibility for the incident.
“I have never used a KB Kookmin Card, but my personal information was leaked in the latest incident because I had a Kookmin Bank account 20 years ago,” Kim said.
The personal information that was sold not only included the credit card accounts but also totally separate accounts in the same financial institution.
“The KB Financial Group chairman, who is supposed to be in charge of protecting customer information, should be held accountable,” Kim said. “He shouldn’t just be receiving resignations from lower executives.”
Independent lawmaker Song Ho-chang asked how financial authorities would take responsibility for the incident.
Shin Je-yoon, chairman of the Financial Services Commission, repeated the importance of preventive measures, but Song said, “It is not right to have those who should be held accountable devise measures to prevent a repeat of a similar incident.”
“After the ongoing investigation, anyone who violated the law will be held responsible,” Shin said.
KB Chairman Lim said he will comply with the authorities’ order.
“I am in charge of customer information that is shared between the holding company and subsidiaries,” Lim said. “The recent card data incident is a different matter because the data was leaked from the card company.”
Hyun Oh-seok, finance minister and deputy prime minister for the economy, apologized for the second time for his offensive comments directed at victims of the leak.
Hyun sparked a public backlash by saying on Jan. 22, “Foolish people always talk about responsibility and get concerned whenever something happens, whereas wise people take preventive measures, motivated by the occasion.”
Hyun said he wanted to apologize to the public for his “senseless words.”
“I learned how much weight a public servant’s words carry,” Hyun said yesterday.
After the unprecedented leak, President Park Geun-hye issued a verbal warning to Hyun on Jan. 27, saying government officials are advised not to make remarks that hurt the feelings of the people and those who do so in the future will be held responsible.
By song su-hyun [firstname.lastname@example.org]