Kang Seung-woo reports:
A succession of data leaks are besieging local credit card issuers as the latest version of online security breach has taken place at Hana SK Card.
The continuous irregularities are keeping customers on their toes amid mounting worries about faulty online security.
According to the card issuer, its telemarketing employee leaked not only data, including names, addresses and resident registration numbers, but customers’ information on financial transactions like their passwords and account numbers. [note – see other news sources, below – Dissent]
“The employee involved in the incident usually dealt with private data such as telephone numbers and contact addresses, so sensitive information was not disclosed,” said an official of Hana SK Card.
The card issuer caught suspicion of a data leak on Sept. 15 and notified the police to investigate the suspected employee the next day.
[…]
Although Hana SK said the number of customers whose personal information was leaked was some 200, the amount is likely to be more like in the Samsung incident.
Read more on Korea Times.
Note that the Korea Herald provides conflicting information as to what types of data were compromised:
The card firm, a joint venture between Hana Financial Group Inc. and SK Telecom Co., said the leaked data included “name, address and resident registration numbers” but did not cover information on financial transactions like customers’ passwords and account numbers.
The Hankyoreh reports on the insider aspect of recent breaches:
In both cases, the employees accusing of leaking information were in departments where they handled personal customer information. The Hana SK Card employee worked in telemarketing planning, while the Samsung Card employee was a marketing manager. In each case, the employee engaged in transactions with outside companies using the customer information they administered. The Hana SK Card employee was found to have provided information to an outside telemarketing business, the Samsung Card employee to a loan brokerage.
In both cases, the company’s internal monitoring system failed to function properly. Prior to receiving a tip-off from an outside party who claimed to possess customer information, Hana SK Card was completely unaware of the leak. Samsung Card likewise found out about the irregularities belatedly during an inspection of its internal security system.