Over 20 million South Koreans – almost half of the country’s adult population – have been targeted by a credit card data attack. Data including the names, social security numbers, and credit card information of over 20 million people was stolen from the Korean Credit Bureau by a computer contractor.
With the perpetrator arrested, investigators are beginning to discover the immense scale of the security breach. Korea’s “big three” credit card firms run databases that are linked with the Korean Credit Bureau. The contractor exploited the access given to the Korean Credit Bureau and stored the personal information on a USB stick.
The data was sold to managers at several Korean marketing firms, who have since been arrested. Regulators are now studying the security measures used by the firms affected by the data leak. South Korea’s big three credit firms include KB Kookmin Card, Lotte Card, and NH Nonghyup Card.
Chief executives from the three companies have apologised to customers. The credit card providers have offered to compensate customers for financial losses incurred due to the security breaches, according to a statement from the Financial Service’s Commission.
Computer security experts have expressed concern regarding the poor measures of many South Korean companies. The three credit card providers reportedly stored customer information in an unencrypted format, allowing hackers and employees to copy it directly to USB sticks, DVDs, and other file storage mediums.
The credit card companies reportedly did not know about the data theft until they were alerted by investigators. The employee, as well as the marketing managers that purchased illegal credit card data, have been arrested and are facing a range of charges.