Ju-min Park of Reuters reports:
South Korea’s financial watchdog launched an investigation on Monday into the leak of personal information from South Korea’s Hyundai Capital, the consumer finance unit of Hyundai Motor Group, a Financial Supervisory Service official said.
Hyundai Capital said personal information on about 420,000 of its 1.8 million customers was leaked when an unidentified hacker attacked its database.
Read more on Portfolio.com.
In related coverage, KBS World reports:
A cyber crime investigation team of the Seoul Metropolitan Police Agency probing the case said it found evidence of hacking into Hyundai Capital via a server in the Philippines and Brazil….
Last Thursday, Hyundai Capital said it had received a threat letter from a group that demanded hundreds of millions of won for not revealing personal data of some 420-thousand Hyundai Capital customers that the group had hacked. At first, the hackers had reportedly hacked personal data, including customer names, social security numbers, e-mail addresses and cell phone numbers. But additional investigation found that security passwords of some 13-thousand customers of prime loans had also been leaked.
… the company told the public on Friday that an unidentified hacker attacked its database, leaking personal information for 420,000 of its 1.8 million customers, including their names, resident registration numbers, mobile phone numbers and email addresses. At the time, the company stressed that key data required for financial transactions was not leaked.
[…]
Hyundai Capital said that it plans to notify affected customers of the fact that their private data and credit information was leaked, while asking them to change their passwords. It also will beef up security measures against additional hacking attempts, its official said.
What may really cause trouble for the firm (as if they didn’t have enough already!) is something reported by Korea JoongAng Daily:
Hyundai Capital also admitted that private information about its customers has been trickling out since February, but the firm only became aware of it when a hacker who got hold of the information sent the company an e-mail to extort money.
Executives faced the press on Sunday and apologized, as reported by the Korea Herald.