Korea’s three leading credit card companies -- Kookmin Card, Lotte Card and NongHyup Card -- have been slapped with fines for mishandling customer data.

The Supreme Court on Monday confirmed a lower court’s verdict to fine the three card issuers between 10 million won ($8,450) and 15 million won for violating the Personal Information Protection Act.

The companies were accused of mishandling customer data as they had let subcontractors freely gain access to customers’ information from 2012 to 2013. Approximately 100 million pieces of data, including customers’ names, identification numbers, phone numbers and credit card numbers, were leaked during the period. Those who illegally breached the companies’ systems sold the data sets to loan brokers in exchange for financial rewards.

Data about more than 40 million customers at NongHyup Card was leaked in two data theft cases in 2012, while a similar amount of data was leaked via Kookmin Card in the same year. Lotte Card had nearly 20 million pieces of data breached in 2013.

In 2016, the Seoul Central District Court imposed the strictest penalty possible, based on the information act, on the companies at the first trial, saying, “Leakage of personal data is a critical crime since it could lead to a series of other crimes and financial and nonfinancial damage.”

The appellate court dismissed the appeal in March this year.

A company that mismanages personal data faces up to a fine of 10 million won, while the fine can go up to 15 million won if a similar case happens again.

By Kim Young-won (wone0102@heraldcorp.com)