South Korean Banks Fined £3,400 After Epic January Data Breach

South Korean authorities have placed temporary limits on operations of the three credit card issuers which were involved in the recent data leak that affected as many as 20 million customers.

Data stolen in January included names, emails, physical addresses, social security numbers, credit card numbers and phone numbers but no passwords or Card Verification Value (CVV) numbers were compromised. According to the BBC, the three firms – KB Kookmin Bank, Lotte Card and NongHyup Card – were also hit with a fine of six million won (£3,371) each.

“The three companies neglected their legal duties of preventing any leakage of customer information, and [to comply with] internal controls,” said the South Korean Financial Supervisory Commission (FSC) in a statement.

The FSC declared that the banks were guilty of neglect, and said they will be unable to issue new cards for the next three months. With the fine almost negligible, it is the temporary suspension that’s set to punish the banks: the South Korean credit market is highly competitive, and not being able to sign up new customers for a whole quarter could ruin a less capable business.

Data breach Punishment

As many as 104 million cards were compromised in the January breach – the largest in South Korean history. It was allegedly perpetrated by a contractor working for the Korea Credit Bureau, a credit ratings agency similar to Experian and Equifax in the UK.

It is thought that the contractor saved the data on a USB stick for more than a year, before attempting to sell it to marketing companies though two accomplices. All three have now been arrested.

An average South Korean owns four credit cards, and the incident resulted in thousands of customers besieging the offices of the credit card issuers. Many of those affected have cancelled cards or applied for new ones.

The incident prompted a public apology from the banks, and the resignation of several executives. Many customers are now considering joining class action lawsuits against the organisations involved in the breach.

Even though the data cannot give a third party access to the customers’ funds, it can make them the target of fraudulent marketing emails and calls.

In December, US retailer Target was breached, exposing credit card details of as many as 110 million people.

How well do you know network security? Try our quiz and find out!

Max Smolaks

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.

Recent Posts

SoftBank Promises To Invest $100bn In US

Japanese tech investment firm SoftBank promises to invest $100bn during Trump's second term to create…

14 hours ago

Synopsys, SiMa.ai To Collaborate On AI Car Chips

Synopsys to work with start-up SiMa.ai on joint offering to help accelerate development of AI…

14 hours ago

AI Start-Up Basis Raises $34m For Accountancy Agent

Start-up Basis raises $34m in Series A funding round for AI-powered accountancy agent to make…

15 hours ago

Databricks Raises $10bn In Huge AI Funding Round

Data analytics and AI start-up Databricks completes huge $10bn round from major venture capitalists as…

15 hours ago

Congo Files Complaints Against Apple Over Conflict Minerals

Congo files legal complaints against Apple in France, Belgium alleging company 'complicit' in laundering conflict…

16 hours ago