FSS sends investigators to largest auto loan firm over customers’ information leak
The Financial Supervisory Service on Monday dispatched a group of inspectors to Hyundai Capital, where the personal information of about 420,000 customers and the passwords of 13,000 customers have been stolen by hackers.
The hacking allegedly went on for about two months without detection by staff of Hyundai Capital, which is jointly controlled by Hyundai Motor Group and U.S.-based GE Capital.
Regulatory officials said the urgent probe is mainly focused on whether the nation’s largest automobile loan-oriented firm abided by the rules on electronic finance.
“The probe, composed of six inspectors, will go through late this month,” an FSS official said. “Aside from Hyundai Capital, other loan issuance firms will also be the target of special oversight in the coming weeks.”
According to the FSS, the capital services firms have allegedly failed to upgrade their database systems, which hold customer information, over the past two months.
Hyundai Capital has about 1.8 million customers and specializes in personal loans, home mortgages and auto financing.
The headquarters of Hyundai Capital in southern Seoul. (Kim Myung-sub/The Korea Herald)
What makes this case all the more severe is the fact that the company has reportedly been aware of the incident since receiving a hacker’s email blackmailing the company.
The company was blackmailed on April 7 by an unknown hacker demanding money in return for not releasing the customers’ private information.
The hacking was made public after the company asked police to investigate the case last week. The hacking had been carried out since February without detection.
The FSS is considering punitive actions against the company if irregularities are uncovered in sectors such as guidance for security and hiring of information technology specialists.
In a move to map out supplementary measures to prevent weak points in the financial market, the regulatory body also plans to form a task force in coordination with agencies including the Information Shares Analysis Center.
Police alleged that the hackers gained access to Hyundai Capital’s data from servers located in the Philippines and Brazil.
“It seems that a group of one or more than one seasoned hackers was involved in the case,” said one investigator at the Seoul Metropolitan Police Agency.
He said it is highly likely that the hackers have an overseas accomplice.
Hyundai Capital said its ongoing internal inquiry revealed that not just personal data ― names, residential registration numbers, mobile phone numbers and email addresses ― but also key financial data required to make financial transactions, such as passwords to loan services, were grabbed by the hacker.
The company has instructed customers to change their passwords for their financial accounts. It will also beef up security measures against additional hacking attempts.
In the wake of the incident, financial companies in other sectors, such as commercial banks, brokerage firms, credit card firms and savings banks, have also stepped up examinations of their security systems.
In order to avoid detection, the hackers conducted their infiltrations bit by bit without carrying off large amounts of information all at once.
As such, it may have been difficult to detect their presence. However, observers say Hyundai Capital will be unable to avoid charges that its response came too late.
In this case, the problem area is the password leak, as many people use the same ID and password at various financial institutions for ease of memory.
“We are conducting simulations to examine what types of additional damage there may be,” said Hyundai Capital CEO Chung Tae-young.
“I cannot give a definite answer, but we do not think there will be any additional effects,” Chung added.
However, observers say it is now impossible to entirely dismiss the possibility of a second round of aftereffects.
Concerning the incident, President Lee Myung-Bak called Monday for strict protection of personal information.
“As society becomes more information-oriented, protection of personal information is ever more important,” Lee was quoted as saying by his aides at Cheong Wa Dae.
By Kim Yon-se (kys@heraldcorp.com)