The personal information of millions of South Koreans has been stolen by a single hacker, leaving at least 40 percent of the country’s cardholders vulnerable, and potentially a much higher figure. While Seoul’s financial institutions confirmed that 20 million bank users have been affected, the AP is reporting 80 million. And local media are reporting that most people with credit cards may have been affected. Korea JoonAng Daily, the English language version of one of Seoul’s well-respected major papers, reports 104 million pieces of information have been leaked.
A contract IT worker for the Korea Credit Bureau went rogue at some point in 2012. This worker stole millions of names, social security information, salary figures, credit ratings, and credit card numbers from three major firms and sold the information to marketing firms. Korea JoonAng Daily broke down the theft, noting that the KB Kookmin Card had 53 million leaks, the NH Nonghyup Card had 25 million, and the Lotte Card had 24 million; the newspaper cited a local prosecutor’s office as a source.
This means that for every Korean in a population of 50 million, two pieces of personal information were hijacked. And it’s not just your everyday salarymen impacted; local sources say President Park Geun-hye and UN Secretary General Ban Ki-moon were among the victims.
According to Youkyung Lee, the AP reporter covering the story from Seoul, people are going to the banks, worried. “Cardholders are flocking to bank branches and overloading call centres and service websites to find out if their information was stolen,” she writes.
The information-stealing worker and managers from the marketing firms were indicted on Jan. 8, but the attack highlights how a large percentage of the population can fall victim to hackers — all of this data was carted off on a simple USB stick. Some of the stolen data was apparently unencrypted, according to Cho Sung-mok, one of the directors at the Financial Supervisory Service, which is the department investigating the crime.
While a task force is still looking into how the attack will impact those whose information was released, there’s already enormous fallout for the companies targeted — CEOs at each institution have publicly announced plans to resign today. And hundreds of individuals have filed suits against them. It’s unfortunately not a new issue: Koreans already weathered a smaller but still significant security breach in December, when two other banks leaked 130,000 pieces of personal data. One glimmer of hope: Web site passwords for the banks and the CVCs on each card do not appear to have been leaked.
Coming in the wake of the massive Target hack in the U.S., you can’t help but wonder what it going to be done to better protect data worldwide.