Prosecutors have indicted an employee of a local credit rating firm on charges of leaking the personal data of more than 100 million credit card customers, officials said on Wednesday.
They also indicted two other individuals on charges of purchasing the illegally obtained information.
The largest-ever information leak raised concerns over apparent flaws in the data protection policies and mechanisms of the local credit card companies implicated in the case.
The 39-year-old employee, surnamed Park, of the Korea Credit Bureau is alleged to have stolen massive amounts of personal data from KB Kookmin Card, Lotte Card and NH Nonghyup Card.
Park purportedly leaked the information while working at the credit card firms to help them develop a fraud detection system, officials said.
Card companies have been establishing or improving the FDS since last year after financial authorities called for beefed-up financial security. The FDS is used to analyze how customers use their credit cards and to check if the cards are wrongly used.
Prosecutors said KB Kookmin Card lost data of 53 million customers while Lotte Card and NH Nonghyup Card lost data of 26 million and 25 million customers, respectively. They are still investigating whether more customer data had been leaked.
The credit card firms in question posted official apologies on their websites, pledging to take measures to prevent recurrences.
Earlier this week, prosecutors raided the KCB headquarters and confiscated Park’s computer files and other materials as evidence.
The financial regulatory authorities plan to launch an onsite inspection of the three credit card firms to check for any flaws in their security policies. They are also expected to take disciplinary actions against the officials of the card firms involved in the case.
“We will focus on whether the internal security system functioned well before the leakage of customers’ data and whether it was properly managed (by the card companies),” a Financial Supervisory Service official told the media.
“Should any unlawful practices be found during the inspection, we will take stern disciplinary action.”
Industry sources said that other card firms such as Shinhan Card and Samsung Card were able to avoid information leakages as they have encoded customer data as part of their security programs.