Personal and financial information of some 20 million South Koreans has been compromised by a consultant working for personal credit ratings firm Korea Credit Bureau (KCB), the AFP reports.
This is one of the largest data breaches in the country’s history, and has apparently affected two fifths of the entire population.
The insider in question had access to internal servers of a number of credit card firms, and has pilfered the user databases of KB Kookmin Card, Lotte Card and NH Nonghyup Card.
The compromised user information includes the customers’ names, phone numbers, social security numbers, credit card numbers and expiration dates. The insider sold the information to phone marketing companies.
After the investigation discovered what happened, the insider and the managers of the companies who bought the data were promptly arrested.
According to report, affected users will be reimbursed by the payment card companies if they lose money because of the compromise.
Despite the magnitude of the breach, South Koreans should not be shocked by the incident. In the last two or three years, there have been quite a few of similar data thefts, either performed by hackers or insiders.
As it happens, the former were usually after users’ personal information, while only last month an employee of Citibank Korea stole information on 34,000 of the bank’s clients, including details about their lending contracts, and sold it to private loan service providers.
Dissent from the Office of Inadequate Security has also noted that foreign citizens with credit cards from South Korean companies are having trouble discovering whether their information was in the compromised batch. Also, that the executives at KB Financial group and its KB Kookmin Card unit have offered to resign in the wake of the breach.