The chief of KB Financial Group Co., South Korea's No. 3 banking group, may be punished for a recent massive data theft at its credit card unit depending on the results of an ongoing probe, the country's financial regulator said Tuesday.

Last month, the Financial Services Commission revealed that some 20 million clients' personal data had been leaked from three credit card firms -- KB Kookmin, NH Nonghyup and Lotte – as well as Kookmin Bank, which shared customer data with its affiliated card firm.

KB Financial Group has KB Kookmin Card and Kookmin Bank under its wing, and is led by Chairman Lim Young-rok, who took office in July last year.

"A holding company is legally responsible for management of customer data," FSC Chairman Shin Je-yun told lawmakers. "It should take responsibility if there are any irregularities or illegal activities."

Shin said while it is too early to say that the KB Financial chairman would face punishment, the regulator will take action if necessary depending on the results of its probe.

The regulator suspended business for the three card firms for three months starting this week as punishment for the data breach. The punitive measure against the card firms is the first of its kind in 10 years.

Following the data leak, the government has been working to revise bills on personal information protection. One possible measure is ordering phone operators to block lines used in illegal financial marketing activities and financial frauds, known as "voice phishing." 

Also, the financial regulator is pushing to strengthen monitoring of staff at financial companies and their contractors involved in customer data management, and bar financial firms from sharing client data with their affiliates beyond a set limit. (Yonhap)