New massive data leak found at card companies

By Korea Herald
  • Published : Apr 11, 2014 - 20:20
  • Updated : Apr 11, 2014 - 20:20
The personal information of more than 100,000 customers was once again found to have been stolen from leading credit card companies.

This time, the theft also involved Shinhan Card, which had previously been left out from information leak scandals.

Watchdog Financial Supervisory Service discovered that the corresponding data had been leaked from Shinhan, KB Kookmin, NH NongHyup cards, as well as from Kwangju Bank, officials said Friday.

KB Kookmin and NH NongHyup cards were punished earlier for other massive data leaks revealed in January.

The discovery was made during an investigation of a group of hackers that had penetrated the storage server of a point-of-sale (POS) company and stole 3.2 million pieces of credit card usage records. A POS device, which includes a debit and credit card reader, collects user names, contact information, credit card numbers and other confidential information for transactions in money and goods.

The hackers allegedly obtained passwords for OK Cashbag cards, a widely used mileage card, and withdrew some 102 million won ($115,108) from credit cards, investigators said, knowing that many use the same passwords for all their cards.

The FSS said it has ordered companies using the POS system to install security programs on every device. Less than half of the 350,000 POS devices used across the country are equipped with such software, it said.

The Financial Services Commission, the financial regulator, said it will push for the replacement of the current POS device with an integrity chip (IC) reader, which provides a higher level of security protection, starting from July.

Credit card firms will raise 100 billion won to help small shops and retailers buy new IC chip-installed devices, the regulator added.

By Bae Hyun-jung and news reports