20 Million Koreans Hit Credit Card Hack
January 20, 2014

Nearly Half Of South Koreans Hit By Credit Card Data Leak

Peter Suciu for redOrbit.com – Your Universe Online

While more than 70 million Americans may have been affected by the recent data breach that rocked Target stores over the holiday season, on Monday it was reported that nearly half of all South Koreans may have had their credit card details compromised in an unrelated cyber theft.

This week it was reported that the data was stolen by a computer contractor working for the Korea Credit Bureau (KCB), which produces credit scores for customers in South Korea. This breach affected 20 million South Koreans, slightly less than half the nation’s population of 50 million.

Names, social security numbers and credit card details including numbers and expiration dates were stolen and sold to marketing firms.

The scale of the theft only became apparent after the contractor at the center of breach was arrested, reported BBC News on Monday. The managers of the marketing firms were also arrested.

The information was apparently stolen from the internal servers of the KB Kookmin Card, Lotte Card and NH Nonghyup Card reported South Korea’s Financial Supervisory Service (FSS) via ZDnet. As a result of the security breach, the regulators have launched an investigation into the security measures that are now in place.

The FSS noted the data was easy to steal because it was apparently unencrypted and the involved credit card firms did not know the data had been copied until the investigators reported the theft.

However, customers have been reassured they will not be responsible for purchases made with the stolen information.

“The credit card firms will cover any financial losses caused to their customers due to the latest accident,” the FSS said in a statement.

Insider breaches have received a large amount of press in recent months, most notably after the theft of classified NSA data by whistleblower Edward Snowden. However, corporate rather than government computers are more often at risk of such security breaches.

“Data leaks by employees or trusted partners, whether accidental or intentional, are still one of the biggest risks facing companies,” Keith Bird, UK managing director at Check Point told InfoSecurity on Monday.

The firm reportedly found that 52 percent of workers regularly risk accidental breaches with unsafe computing practices, such as sending emails to wrong addresses, or using unencrypted USB sticks.

“So if a trusted person chooses to harvest and leak a large amount of data,” Bird added, “the damage can be severe, in terms of remediation costs, fines from regulators and loss of reputation. Trust is a precious commodity, and it’s all too easily exploited.”

This is not the first such theft of credit card data to occur in the Asian nation. In 2012, two South Korean hackers were arrested after they had stolen data from 8.7 million customers of KT Mobile, the country’s second-largest cell phone carrier.

In November of 2011, Seoul’s top video game developer Nexon was the target of hackers, and some 13 million subscribers to the popular online game MapleStory had their data compromised. In July of the same year hackers stole personal data from 35 million users of Cyworld, South Korea’s social networking site.

On Monday the three bosses of the South Korean credit card firms that were tied to this latest attack issued a public apology for the breach.