Kim Rahn reports:
Financial authorities have found customer information was leaked from not only credit card companies but also insurance firms.
The Financial Services Commission (FSC) said Monday it found Prudential Life Insurance provided clients’ personal information to outsiders by granting them the right to access the firm’s intranet.
[…]
According to the FSC’s recent review, Prudential Life allowed an outside auditor to access the company’s intranet between January and August in 2012 and the auditor looked into the personal information of 51 customers over 66 times without their consent.
The commission slapped 6 million won in fines on the insurer (U.S. $5533.52 – Dissent) and penalized three executives.
But was this really a breach? Prudential claimed that the access to customer data was part of its U.S. headquarter’s audit/review of the Korean unit. If what might be a legitimate or routine business practice is a violation of their data protection laws, then U.S. companies doing business in South Korea need a heads up on this.
Prudential wasn’t the only insurance company cited by the FSC. Rahn reports Woori Aviva Life Insurance was one of a number of companies attacked by hackers on March 20, but didn’t detect the attack nor take prompt steps to block it. The FSC also detected improper sharing of customer information between credit card and insurance units of KB Financial Group.
Read the full report on Korea Times.