简体中文
South Korea's financial regulator said Wednesday that it will slap punitive penalties to financial companies for future client data leakage after the incident that personal information of almost all adults in the country was stolen from three credit card issuers.
Punitive fines will be imposed on financial companies, where workers or contractors leak confidential data of clients, to punish them with the fines more than damages incurred, according to the Financial Services Commission (FSC).
The heavy penalties will be imposed on the advertising agents who buy the stolen data to use it for marketing as well as on the financial firms where the client data leakage occurs.
The advertising agents, who use the stolen data illegally, will be rid of its license, while the financial firms in which the data theft happens will be subject to suspension of operations or heavier penalties.
The heavier punishment came after the country's worst-ever client data theft occurred. According to the Financial Supervisory Service (FSS), some 104 million units of personal information were leaked from three domestic credit card issuers, including KB Kookmin, Lotte and NH Nonghyup.
Prosecutors forwarded the case to the financial watchdog on Jan. 8, saying that an unidentified, outsourced staff in charge of data processing-related jobs stole the data and sold it to advertisement agents illegally.
Confidential data from around 20 million people, equivalent to almost all adults in the country, was estimated to be stolen in the process of leakage in the credit card companies as the card issuers were sharing client data with their settlement banks.
The KB Kookmin Card was affiliated with the country's largest bank Kookmin Bank, and the NH Nonghyup Card was linked to the Nonghyup Bank. The Lotte Card was associated with major banks, including Shinhan, Hana and Woori.
The leaked data included at most 19 personal information, including names, mobile phone numbers, workplace phone numbers, ID numbers, addresses of home and workplace, bank account numbers for settlement and credit details.
"This incident was a typical man-made disaster as it can be prevented if basic security procedures were observed," FSC Chairman Shin Je-yoon told reporters at an emergency press conference.
The outsourced staff, who stole client data from the three card companies, visited offices of Samsung Card and Shinhan Card, but he failed to take the data illegally there due to the strict observance of security rules, according to a lawmaker from the ruling Saenuri Party.
Shin said the regulator will impose as heavy sanctions as possible on the three credit card issuers in February, noting that executives of the companies will be held accountable strictly. Following the incident, top executives of the three credit card companies already tendered their resignations.
Meanwhile, the regulator said the stolen personal information was not distributed from the three card issuers, stressing that there has been no confirmed damage found from the leakage incident.
The regulator said security data such as passwords and card verification code (CVC) of clients was not leaked, noting that any damages and losses will be fully compensated by the credit card companies.
To prevent recurrence of the biggest-ever data breach, the FSC planned to minimize personal information that financial companies can collect, while setting the limit at five years during which the financiers can keep customer information in database after the contract expiry.
