Meritz Fire & Marine Insurance Co. is under fire for reporting to regulators a massive leak of customers’ personal data three months after the fact.

The insurance firm went through a massive leak of personal data of some 164,000 clients back in February, which went unreported to state regulator Financial Supervisory Service until Tuesday.

The company issued a public statement and online apology about the delayed report the next day.

“It was hard to understand how a case so severe got to us so late, almost around the same time as the media,” an FSS official said.

The leaked information involves general data ― customers’ name, date of birth, contact number, profession and address ― as well as financial status data, such as credit rating, registered insurance plans and total amount of insurance fees.

“An employee received the personal data of 163,925 clients for analysis purpose and leaked them. We searched through the employee’s computer and deleted the data,” the insurance firm stated in an online apology that was put up on its website.

About 1,700 clients had their personal data used without consent by Meritz employees for sales purposes, the insurance firm said in a statement.

A similar case took place at Hanwha General Insurance with personal information of some-120,000 clients leaked in a hacking incident between March and May 2011.

Hanwha was issued a caution for trying to hide the fact for more than a year until September 2012.

The FSS is set to investigate the data management security of all insurance companies. The two large insurance firms large-scale personal data leaks have raised concerns over the electronic financial security system.

By Chung Joo-won (joowonc@heraldcorp.com)