Some of the leaked personal client information from South Korea’s major credit card firms, possibly amounting millions of cases, appears to have been transferred to personal data dealers, sources said Friday, contradicting assurances by regulators that the leak had been contained.
The largest-ever data theft came to light in January when an employee from a personal credit ratings agency, the Korea Credit Bureau, was found to have stolen the sensitive personal information, including resident registration numbers, bank account numbers and credit ratings, of millions of customers of KB Kookmin Card Co., NH Nonghyup Card Co. and Lotte Card Co.
The theft raised concerns of abuse by financial scammers.
While probing the case, financial authorities discovered that the data had come into the possession of dealers of such information and was continuing to be circulated, according to the sources.
The authorities had told the public not to panic, claiming the information had not been sold or transferred to third parties.
The Financial Supervisory Service, a financial watchdog, has reopened its probe into the case upon the request of the card firms, the sources said.
“The KCB employee had insisted that there was no secondary data leak, but we have found some such cases,” said an official from the FSS. “Still, we haven’t secured any evidence that the leaked data was used by financial scammers.”
The prosecution will also overturn its January announcement that there was no third-party leak when it announces its investigation results, expected soon, officials said.
The massive data leak has been a huge blow to the country’s financial industry, sparking outrage over firms’ negligence in data protection and lax security. The card firms were suspended for three months as punishment for the data breach, and their chiefs resigned to take responsibility.
Earlier this week, the government announced inter-ministry measures to prevent data leaks and enhance information security of banks and other financial institutions. Under the new regulations, financial firms will be slapped with fines amounting to 3 percent of their annual sales if found responsible for private information leaks. (Yonhap)