South Korea Bank Data Breach Hits 15m

Thomas Brewster,
Seoul gangnam buddha south korea © SeanPavonePhoto

Epic data breach affecting a third of all South Koreans – believed to have been an inside job

South Korea is reeling from a major leak of personal and bank data, affecting almost a third of the nation’s 50 million inhabitants.

Many are now planning to join class action lawsuits against three banks, after a man working for the credit ratings firm Korea Credit Bureau was arrested on suspicion of leaking information of around 15 million credit card holders to willing buyers. That man has now been arrested.

Fotolia: Piggy bank with letters spelling oops - investing your savings © Karen Roach #9936465It was claimed the contractor siphoned off data from 105.8 million accounts at three banks, KB Kookmin Card Co, Lotte Card Co and NH Nonghyup Card, who have all been told to carry out thorough site inspections by local regulators. He passed on details of the 15m credit card accounts to at least two other people, including a loan marketer and a broker, officials said.

South Korea in shock

Reams of different kinds of data were taken, including names, home addresses, phone numbers, bank account numbers, credit card details, identification numbers and passport numbers.

The Korean Financial Supervisory Service said it was unlikely fake credit cards would be created with the stolen data, as card validation codes (CVCs) were not leaked. It warned concerned customers about the potential for fraudulent marketing emails and calls in the coming days.

Anyone worried their data was stolen can check on the three credit card companies’ websites.

The event marks one of the biggest personal data losses in the history of South Korea, which has been the subject of significant attacks thought to have emanated from North Korea in recent months.

It also comes just a month after US retailer Target was breached, exposing data on as many as 110 million people.

“The sheer scale of the latest data breach shows why it is essential for organisations to protect against insider threats by ensuring a strict data protection policy is both put in place and followed,” said Chris McIntosh , CEO of security company ViaSat UK.

“Private data such as credit card details are a lucrative target for criminals and opportunists and so it is essential that this data is stored centrally on an encrypted drive or transferred to another encrypted device or wherever possible deleted when no longer being used.”

How much do you know about information security? Try our quiz and find out!