Contractor with USB Stick Commits Biggest Credit Card Data Heist in South Korean History
A computer contractor stole credit card credentials, names and social security numbers of approximately 20 million South Koreans by copying them to a USB stick, according to the BBC. This is the largest data theft in the history of South Korea.
The IT contractor, who was employed by a credit score company named Korea Credit Bureau, allegedly sold the credit card details to a marketing firm. The scale of the crime became known only after the contractor was arrested.
“Their parent firms seem to be taking a step back (from the issue) and not showing any responsible attitude,” Gov. Choi Soo-hyun of the Financial Supervisory Service, Korea’s financial markets regulator, told his staff, according to Yonhap News Agency.
“We will hold them fully responsible for the data leak if their sharing of client data among affiliates and internal control turn out to be the cause.”
The affected companies are KB Kookmin Card, Lotte Card, and NH Nonghyup Card, according to the report from Korea’s Financial Supervisory Service. “The chance of copying credit cards is very slim, as passwords and card validation codes (CVC) were not stolen,” the report said.
The data was unencrypted, which made it easy to steal, and the credit card firms weren’t aware of the theft until the authorities noticed them, the BBC reported.
Managers from the marketing firms allegedly involved were arrested along with the contractor. Three senior executives of the credit card firms that lost the data have issued formal apologies.
Today all the 27 top executives from KB Financial offered to resign. The head of Nonghyup and nine executives form Lotte Card, including the CEO, also offered to resign, according to The Wall Street Journal.