At least 40% of South Korea’s entire population – some 20 million people – have hadtheir names, social protection numbers and credit card details ripped off and sold to advertising firms in the nation’s biggest-ever theft of personal information.
It’s looking like an inside job.
The theft has been traced back to an IT service provider working for a company called the Korea Credit Bureau, which produces credit scores, the BBC reports.
The worker purportedly copied the massive trove of data onto a USB stick.
He’s been arrested, all along with two managers at the marketing firms who were purportedly willing buyers of the data.
According to the BBC, early news point to the contractor, an engineer, being able to get his hands on the data courtesy of Korea Credit Bureau’s access to databases run by three big South Korean credit card firms.
The Wall Street magazine reports that the chiefs of those credit card firms – KB Kookmin Card, Lotte Card, and NH Nonghyup Card – have in public apologised for the leaks.
Prosecutors earlier this month alleged that the engineer stole the data between May 2012 and December, according to the WSJ.
Executives at the credit card companies have offered to resign.
One of those resignations – that of the head of NongHyup’s card business, Sohn Kyoung-ik – was straight away accepted, while resignations at the other companies are pending decisions from a company board or chairman.
Although the personal information was leaked, it hasn’t yet been distributed, Financial Services Commission Chairman Shin Je-yoon told reporters on Monday.
The card issuers said that customers wouldn’t be responsible for any future fraudulent charges.
An official at Korea’s national financial regulator, the Financial Services Commission, said that the data was easy to steal, known that it was unencrypted and that the credit card issuers didn’t know it had been copied until investigators told them about the theft, the BBC reports.
As far as insider jobs go, this one’s pretty bad if the engineer turns out to be guilty of the crimes with which he’s charged.
The data should have been encrypted, and those trusted with handling it should have been a lot more deserving of that trust.
Deep sympathy to the 20 million Koreans targeted because of the protection lapses involved in this debacle.
You’d think we’d have learned by now, in the wake of the Bradley/Chelsea Manning “Wikileaks” saga of 2010, in which decades of confidential US State Department cables were siphoned off without anyone noticing that one person had been drawing down impossibly large tranches of data onto removable media.
Visit at : http://www.nigerianspam.com