The government is seeking to root out phone-based financial frauds amid rising public concerns that the personal data stolen in recent information thefts will be used by scammers, industry sources said Monday.
According to the sources, the government and political parties are poised to pass a revised bill on personal data protection next month that strengthens requirements for short message service providers and strictly regulates data sharing among corporate affiliates.
Early this month, the Financial Services Commission, the country's financial regulator, revealed that some 20 million clients' personal data, including bank account numbers, addresses and credit ratings, had been leaked from KB Kookmin, Nonghyup and Lotte.
A leak also occurred at a bank that shared its customer data with its affiliated credit card firm, according to the regulator.
The country is already battling financial crimes carried out through phones, commonly called "voice phishing," but investigators and regulators have been unable to catch up with scam methods that are becoming more and more sophisticated in conning unsuspecting citizens into giving up their personal information.
Repeated assurances that the recently leaked data have not circulated failed to allay people's worries.
The centerpiece of the bill revision is forcing phone operators to block off lines used for illegal financial marketing activities and financial frauds such as voice phishing.
According to the data compiled by the regulator, the amount of damages incurred from voice phishing in South Korea totaled 151.6 billion won between January 2011 and September 2012.
The government is also considering strengthening requirements for short message services providers in order to curb the so-called SMishing, a combination of short message services and phishing, which uses text messages to lure people to access bogus websites with malignant codes and dupe them into revealing their
bank or credit card information.
Struggling to quell public jitters over the data leak, the financial regulator unveiled a set of measures last week, including a regulatory framework under which top executives at financial firms could face suspension or dismissal. In cases of data
breaches, financial firms will face hefty penalties and suspension of business, it said.
Since the revelation of the leaks on Jan. 19, angry customers have flooded the offices of affected credit card firms, and inundated their call centers and websites with complaints. An estimated 5 million people have canceled or applied for new credit cards.
The Financial Supervisory Service, the country's financial watchdog, is investigating the three credit card companies and Kookmin Bank, as well as Citibank Korea and Standard Chartered Bank Korea, which suffered similar personal data breaches in late 2013 that affected some 130,000 customers.
The FSS announced it would take disciplinary action such as three-month suspensions of operations and suspensions or dismissals of top management.
The latest data breach is expected to trigger class-action suits from victims of the data theft.
Even if the stolen data do not result in frauds, the affected financial institutions may be forced to pay compensation to clients. In February last year, SK Communications Co., the operator of local search engine Nate, was ordered by a court to pay 200,000 won each as compensation to 2,882 users for failing to protect customer data.
The largest-ever data theft came to light when an employee from a personal credit ratings agency, the Korea Credit Bureau, and two others were indicted early this month for illegally obtaining confidential data from the three card firms while working as temporary consultants for the financial institutions.
The KCB employee stole the data between 2012 and 2013 by copying it onto his mobile device, according to prosecutors.
Last year, the financial regulator announced similar actions to clamp down on phone fraud cases, such as delaying withdrawals of large-sum financial transactions and reinforcing credit authentication. (Yonhap News)