Data leaks discovered at IBK, Citi capital firms

By Korea Herald
  • Published : Apr 14, 2014 - 20:38
  • Updated : Apr 15, 2014 - 11:16
Up to 30,000 pieces of customer information at two capital firms were leaked and likely circulated in the market, the nation’s financial regulators said Monday.

The Financial Supervisory Service, which has been cooperating with the prosecution in combing the financial sector for more data breaches following other cases earlier this year, found that data involving some 34,000 clients at IBK Capital and Citi Capital were leaked to illegal brokers.

The bulk of the leaked data files were illegally copied onto a USB memory stick and then sent to a data broker, according to the FSS.

The data leak discovery was the result of an ongoing investigation by prosecutors in Changwon, South Gyeongsang Province.

The prosecutors earlier announced that they discovered nearly 3 million pieces of personal data on the USB memory stick obtained from one of the captured brokers.

The prosecution notified the FSS that the data included some 55,000 and 100,000 pieces of information stolen at IBK Capital and Citi Capital, respectively.

The prosecutors are now reportedly looking into whether any insider handed over the data to brokers in exchange for money.

A spokesman from Citi Capital told The Korea Herald that evidence had yet to be found about any possible involvement of its employees.

The official added that the leaked data did not include critical information such as credit card numbers.

“But we’ll work closely with the financial authorities to monitor whether the stolen data are being used by scammers,” he said.

The Changwon District Prosecutor’s Office has been looking into suspected data leaks from several financial firms since October 2013.

In January, the prosecutors announced that some that some 20 million clients’ personal data had been leaked from three credit card firms ― KB Kookmin, NH NongHyup and Lotte ― as well as Kookmin Bank, which shared customer data with its affiliated card firm.

The Financial Supervisory Service suspended the three card firms for three months as punishment for the data breach, the first punitive measure of its kind in 10 years.

The FSS also confirmed in March that the data of some 50,000 clients were stolen from Citibank Korea and Standard Chartered Bank Korea late last year.

Together with the 130,000 cases confirmed leaked earlier, a combined 190,000 clients’ personal information were stolen from the two banks.

By Oh Kyu-wook (