Amid growing anxiety over a nationwide information breach committed by foreign banks and credit card companies, it was discovered that several nonbank financial organizations, too, leaked personal information of their customers.
In a belated move to prevent further damages, financial authorities launched an urgent security inspection, focusing on non-bank organizations, which tend to be more vulnerable to information leaks.
According to financial sources on Sunday, up to hundreds of thousands of pieces of customer information were leaked from local savings banks and other small-cap lenders.
The number of victims could be as high as several million in the worst-case scenario, taking into account the recent information leak scandal involving several leading commercial banks.
Late last year, the Financial Supervisory Service found that the two top-ranking foreign banks were responsible for a massive customer data leak.
Standard Chartered Bank, the Korean branch of the U.K.-based banking group, had about 103,000 cases of leaks. As for Citibank, the local unit of the U.S. banking group, it turned out that a senior official delivered 34,000 sets of customer data to a loan collection agency.
The irregularities were detected after the prosecution, during a probe on the illegal sales activities of private loan consultants, confiscated a USB containing the personal information of some 3 million people.
Part of the data turned out to have been leaked from SC Bank and Citibank, whereas the rest came from smaller savings banks and installment finance companies, according to officials.
Following this initial leak, 104 million sets of information were leaked by KB Kookmin Card, Nonghyup Card and Lotte Card.
Considering that savings banks and loan companies are much more vulnerable to security leaks than top-tier foreign banks and card companies, it is likely that the number of victims identified will increase sharply as the probe picks up pace, a financial authority said.
“These non-bank organizations, because of their weak sales capacity, tend to rely on loan consultants and therefore do not have a firm security management system,” the official said.
The resulting damage, however, may be lighter than in the case of major commercial banks due to the relatively fewer number of customers, he added.
Responding to the crisis, the FSS recently sent out a security manual to all financial organizations and decided to implement a special inspection of the banks and companies in question.
It also plans to reinforce the regulations on the recruitment of loan consultants and gradually reduce the quota over the upcoming years, according to officials.
Under the current law, financial organizations which are responsible for information leaks may face punishments as serious as operation suspension.
By Bae Hyun-jung (firstname.lastname@example.org)