Credit-card issuer faces criticism for attempting to downplay scale of breach


Samsung Card, one of the nation’s leading credit card companies, is under fire for trying to downplay the leak of clients’ personal information as concerns mount over the frequent exposure of such data online in the world’s most wired country. 

Though Samsung Card had reason to believe that data of up to 800,000 clients may have been compromised after an employee allegedly extracted their personal information, the credit card firm initially gave a much smaller number of clients in its initial report.

Samsung Card alerted the Financial Supervisory Service and the police last month that the data of 18,000 customers had been leaked, but this was was after it had already secured a statement from an employee at its marketing department, identified by his surname “Park,” who said he illegally retrieved the information of 800,000 clients.

Samsung Card said it first discovered Park’s irregularities on Aug. 25 as it was checking its data security system. It reported to the financial regulator three days later, and then the police on Aug. 30.

Addressing the snowballing criticism about its attempts to downplay the violation, Samsung Card said it tried to get to the bottom of the issue on its own but failed. This, it said was why it “belatedly” notified the authorities and enlisted their assistance.

“We are yet uncertain of exactly what kind of information has been leaked, but we understand that the first two digits of residence numbers, the names, companies and mobile phone numbers were exposed,” Samsung Card said in a statement posted on its website apologizing for the incident.

The FSS has launched a special investigation into Samsung Card. The police have raided the firm’s headquarters where officers seized the suspect Park’s laptop. They also confiscated data from Park’s computer at his home in western Seoul.

“We are looking through the computer files for more evidence,” the police said.

The exposure of personal information at Samsung Card is just one of the frequent data leaks the nation has been suffering over the past few years as companies are now conducting large parts of their operations online.

Mismanagement of this information and a lack of stringent regulatory guidelines ―coupled with low awareness for protecting personal information at both the client and company end, have been repeatedly cited as being the cause behind the frequent violations.

The government and companies have pledged to step up preventative efforts, but the Samsung Card case came just a month since another information leak at another major local company.

SK Communications recently apologized to its clients when their information was exposed by hackers who broke into the company’s social networking service websites. More than 30 million users became vulnerable due to the incident, but neither authorities nor the company have figured out what happened.

The cause behind another previous information leak at Nonghyup, which has the nation’s largest online financial network, is also yet to be confirmed, prompting criticism from the public about the lack of tools and infrastructure for fighting cyber crimes.

In April, the personal information of some 1.8 million Hyundai Capital customers was compromised by hacking, in which the hacker implanted a malicious code in the company’s website to break into its data storage system.

On Thursday, the FSS decided to issue an institutional warning to the consumer finance firm and reprimanded its chief, holding them responsible for a major hack of the company.

By Kim Ji-hyun (jemmie@heraldcorp.com)