Police on Wednesday said that 10 people fell victim to phishing scams after their personal information was stolen through a massive data leak at banks last year.

The Seoul Metropolitan Police Agency arrested four members of a voice phishing ring for extorting a total of 37 million won ($35,500) from the victims in two weeks from March 18. Among the suspects is a general manager surnamed Lee, 42, who orchestrated the large-scale scam.

The data of up to 16,000 customers of Citibank was leaked in April 2013, including their mortgage and credit records. The breach was only discovered in late 2013, sparking public outrage over financial institutions’ security problems.

According to the police, Lee rented two studio apartments in Ilsan, Gyeonggi Province, and hired people to plot the crime using some 7,000 pieces of personal information.

Lee’s collection of data included some 1,912 pieces of private data that was leaked from the bank last year, police said.

The suspects posed as officials of a state-run subsidy center, offering low-interest loans.

The suspects told the victims that they needed to have taken out a high-interest loan in order to receive the benefit. After convincing the victims to take out a loan with a 38 percent interest rate, the phishing ring took a commission fee and cut off contact.

Police also booked five more telemarketers and accounts managers without detention.

The bank officials said they were not aware of the customers’ losses before the police investigation.

Police are set to widen their investigation to seek out similar cases connected to the massive data leak of financial organizations.

By Suk Gee-hyun (monicasuk@heraldcorp.com)