Credit card details on 20 million South Koreans stolen

  • Published
Credit card bossesImage source, AFP
Image caption,

The bosses of the three credit card companies that lost data made a public apology

Credit card details from almost half of all South Koreans have been stolen and sold to marketing firms.

The data was stolen by a computer contractor working for a company called the Korea Credit Bureau that produces credit scores.

The names, social security numbers and credit card details of 20 million South Koreans were copied by the IT worker.

The scale of the theft became apparent after the contractor at the centre of the breach was arrested.

Unprotected data

Managers at the marketing firms which allegedly bought the data were also arrested.

Early reports suggest that the contractor got hold of the giant trove of data thanks to the access Korea Credit Bureau enjoys to databases run by three big South Korean credit card firms. The contractor stole the data by copying it to a USB stick.

Regulators are now looking into security measures at the three firms - KB Kookmin Card, Lotte Card, and NH Nonghyup Card - to ensure data stays safe. A task force has been set up to investigate the impact of the theft.

The three bosses of the credit card firms involved made a public apology for the breach.

In a statement the Financial Services Commission, Korea's national financial regulator, said: "The credit card firms will cover any financial losses caused to their customers due to the latest accident."

Another official at the FSC said the data was easy to steal because it was unencrypted and the credit card firms did not know it had been copied until investigators told them about the theft.

This theft of consumer data is just the latest to hit South Korea. In 2012, two hackers were arrested for getting hold of the details of 8.7 million subscribers to KT Mobile. Also, in 2011, details of more than 35 million accounts of South Korean social network Cyworld were exposed in an attack.

Related internet links

The BBC is not responsible for the content of external sites.