Tens of thousands of South Koreans were forced to cancel their credit cards after a security contractor secretly copied and sold personal account details of 20 million customers to loan companies.
The IT engineer, who temporarily worked for the Korea Credit Bureau, a company that offers risk management and fraud detection services, was able to breach databases of three major credit card firms and swiped crucial personal data over the course of a year.
He copied account details from KB Kookmin Card, Lotte Card, and NH Nonghyup Card, such as social security numbers, addresses and credit card numbers, into an external hard drive and sold them to marketing firms.
The engineer was arrested earlier this month and charged for the data breach along with two alleged buyers of the information.
Financial regulators are now looking into security measures at the three firms.
“The credit card firms will cover any financial losses caused to their customers due to the latest incident,” Korea’s Financial Services Commission said in a statement.
Chief executives at the three credit card firms have issued a public apology and tendered their resignations, as have top-level managers at each firm.
All 27 top executives from KB Financial’s banking and credit-card units, as well as its holding company, KB Financial Group, offered to resign to take responsibility for the breach, which affected about 53 million card holders, the bank said Monday.
The head of Nonghyup’s card business, Sohn Kyoung-ik, also resigned. Nine executives at Lotte, including its CEO Park Sang-hoon, offered to resign. The resignations will be subject to approval by the board of directors.
Despite reassurances that leaked information hasn’t been circulated and risk of fraudulent transactions dismissed, resignations flooded the banks and call centers.
Since Monday, more than 1.15 million card holders have requested to permanently cancel their compromised credit cards and requested new ones.
The Korean government have launched an investigation into the matter. South Korean president Park Geun-hye has called for strong punitive measures against those responsible for the leaks amid growing concerns among customers that their information could fall into the hands of scammers.
By Maesie Bertumen