Security Magazine

Massive Data Theft in South Korea Highlights Financial Cybersecurity Weakness

January 20, 2014

Security lapses in the financial industry have been further illustrated by the massive theft of customer data from three major credit card firms in South Korea, according to this AP report.

The theft of information linked to 80 million credit cards, including salaries, monthly card usage, credit rating and card numbers, has sparked widespread public concern, as cardholders rush to bank branches and overload call centers and service websites to see if their information as stolen.

Local media says that the theft (which was first revealed by prosecutors) may have affected most credit card holders in the country of 50 million people. As of yet, no financial losses have been reported.

According to Financial Services Commission Chairman Shin Je-yoon in a statement Monday, the credit card companies had failed to ensure adequate security. Companies were urged to be vigilant about data theft not only by hackers but also by employees and contractors, AP reports.

Prosecutors said last week that an employee of Korea Credit Bureau, a contractor, stole the data beginning in 2012 by copying data to a USB device. The worker, who was responsible for the development of new software to detect credit card fraud, sold the data to a loans company, according to the article.

The stolen data was unencrypted, and the companies were unaware of the theft until prosecutors began the investigation.