South Korean Banks Fined £3,400 After Epic January Data Breach

South Korean authorities have placed temporary limits on operations of the three credit card issuers which were involved in the recent data leak that affected as many as 20 million customers.

Data stolen in January included names, emails, physical addresses, social security numbers, credit card numbers and phone numbers but no passwords or Card Verification Value (CVV) numbers were compromised. According to the BBC, the three firms – KB Kookmin Bank, Lotte Card and NongHyup Card – were also hit with a fine of six million won (£3,371) each.

“The three companies neglected their legal duties of preventing any leakage of customer information, and [to comply with] internal controls,” said the South Korean Financial Supervisory Commission (FSC) in a statement.

The FSC declared that the banks were guilty of neglect, and said they will be unable to issue new cards for the next three months. With the fine almost negligible, it is the temporary suspension that’s set to punish the banks: the South Korean credit market is highly competitive, and not being able to sign up new customers for a whole quarter could ruin a less capable business.

Data breach Punishment

As many as 104 million cards were compromised in the January breach – the largest in South Korean history. It was allegedly perpetrated by a contractor working for the Korea Credit Bureau, a credit ratings agency similar to Experian and Equifax in the UK.

It is thought that the contractor saved the data on a USB stick for more than a year, before attempting to sell it to marketing companies though two accomplices. All three have now been arrested.

An average South Korean owns four credit cards, and the incident resulted in thousands of customers besieging the offices of the credit card issuers. Many of those affected have cancelled cards or applied for new ones.

The incident prompted a public apology from the banks, and the resignation of several executives. Many customers are now considering joining class action lawsuits against the organisations involved in the breach.

Even though the data cannot give a third party access to the customers’ funds, it can make them the target of fraudulent marketing emails and calls.

In December, US retailer Target was breached, exposing credit card details of as many as 110 million people.

How well do you know network security? Try our quiz and find out!

Max Smolaks

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.

Recent Posts

Northvolt Mulls US Bankruptcy Protection – Report

Troubled battery maker Northvolt reportedly considers Chapter 11 bankruptcy protection in the United States as…

2 days ago

FTC Plans Investigation Into Microsoft Cloud Business – Report

Microsoft's cloud business practices are reportedly facing a potential anti-competitive investigation by the FTC

2 days ago

Programmer Sentenced To Five Years In Prison For Bitcoin Laundering

Ilya Lichtenstein sentenced to five years in prison for hacking into a virtual currency exchange…

2 days ago

Hate Speech Watchdog CCDH To Quit Musk’s X

Target for Elon Musk's lawsuit, hate speech watchdog CCDH, announces its decision to quit X…

3 days ago

Meta Fined €798m Over Alleged Facebook Marketplace Violations

Antitrust penalty. European Commission fines Meta a hefty €798m ($843m) for tying Facebook Marketplace to…

3 days ago

Elon Musk Rebuked By Italian President Over Migration Tweets

Elon Musk continues to provoke the ire of various leaders around the world with his…

3 days ago