South Korea Bank Data Breach Hits 15m

South Korea is reeling from a major leak of personal and bank data, affecting almost a third of the nation’s 50 million inhabitants.

Many are now planning to join class action lawsuits against three banks, after a man working for the credit ratings firm Korea Credit Bureau was arrested on suspicion of leaking information of around 15 million credit card holders to willing buyers. That man has now been arrested.

It was claimed the contractor siphoned off data from 105.8 million accounts at three banks, KB Kookmin Card Co, Lotte Card Co and NH Nonghyup Card, who have all been told to carry out thorough site inspections by local regulators. He passed on details of the 15m credit card accounts to at least two other people, including a loan marketer and a broker, officials said.

South Korea in shock

Reams of different kinds of data were taken, including names, home addresses, phone numbers, bank account numbers, credit card details, identification numbers and passport numbers.

The Korean Financial Supervisory Service said it was unlikely fake credit cards would be created with the stolen data, as card validation codes (CVCs) were not leaked. It warned concerned customers about the potential for fraudulent marketing emails and calls in the coming days.

Anyone worried their data was stolen can check on the three credit card companies’ websites.

The event marks one of the biggest personal data losses in the history of South Korea, which has been the subject of significant attacks thought to have emanated from North Korea in recent months.

It also comes just a month after US retailer Target was breached, exposing data on as many as 110 million people.

“The sheer scale of the latest data breach shows why it is essential for organisations to protect against insider threats by ensuring a strict data protection policy is both put in place and followed,” said Chris McIntosh , CEO of security company ViaSat UK.

“Private data such as credit card details are a lucrative target for criminals and opportunists and so it is essential that this data is stored centrally on an encrypted drive or transferred to another encrypted device or wherever possible deleted when no longer being used.”

How much do you know about information security? Try our quiz and find out!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

Marriott Agrees To Pay $52 Million To Settle Data Breaches

To settle US federal and state claims over multiple data breaches, Marriott International agrees $52…

2 days ago

Tesla Shares Drop After Cybercab Unveiling

Mixed reactions as Elon Musk hypes $30,000 'self driving' robotaxi called Cybercab, as well as…

2 days ago

AMD Launches New AI, Server Chips To Expand Nvidia Challenge

AMD unveils new AI and data centre chips as it seeks to improve challenge to…

3 days ago

Chinese Hackers Breach US Wiretap Systems – Report

AT&T and Verizon among US broadband providers reportedly hacked to target American government wiretapping platform

3 days ago