Cybercrooks Score: Half of All South Koreans’ Credit Card Data

Credit bureau contractor sells stolen info to marketers

2 min read
Cybercrooks Score: Half of All South Koreans’ Credit Card Data
Twenty million times, sorry.
Photo: Kim Ju-sung/AP Photo

If you didn’t know, now you know: there probably shouldn’t be any expectation that credit card information—or any personal details stored in digital form—is completely safe from hackers. Just as shoppers in the United States were grappling with the theft of 70 million credit card accounts from Target, comes word that credit card data for nearly half of all South Koreans has been purloined. More than 20 million South Korean credit card accounts, including those belonging to President Park Geun-hye and United Nations Secretary-General Ban Ki-moon, were part of the trove plundered in the cyberheist.

The data—including names, identification numbers, income, marriage and passport numbers—was stolen by a computer contractor working for the Korea Credit Bureau, a firm that computes credit scores for consumers and businesses. Ironically, the contractor was ostensibly there working on a project aimed at helping to make credit cards forgery-proof. But from what investigators have been able to piece together, the technician took advantage of the access the credit bureau has to databases run by KB Kookmin Card, Lotte Card, and NH Nonghyup Card, three of the nation’s leading credit card issuers. In February, June, and December 2013, the contractor simply downloaded data to a USB stick and walked out with it. Bad as that easy access was, what’s worse is the fact that the data was unencrypted. Worse still was that the credit card firms didn’t even realize that the information had been copied until investigators pulled the wool from over their eyes.

The entrepreneurial hacker immediately turned the cache into cash; according to officials at the Financial Supervisory Service (FSS), he sold the information to a couple of people, including a loan marketer and a broker. Details regarding the caper began to come out when the contractor and one of the people to whom he sold the data were arrested.

The three companies whose databases were copied issued public apologies and assured the public that steps are being taken to shore up security. Cho Yeon-haeng, president of Korea Finance Consumer Federation, a customer rights group, told Reuters that, “What is needed is stopping repercussions by re-issuing all the affected credit cards.”

Meanwhile, the Financial Services Commission, the country's national financial regulator, issued a statement saying that the credit card firms will cover any financial losses related to the incident. But that hasn’t stopped consumers from filing lawsuits against the credit card companies because of the security lapse. A class-action lawsuit was filed on Monday, one day after the FSS revealed the extent of the data theft.

The Conversation (0)

Why the Internet Needs the InterPlanetary File System

Peer-to-peer file sharing would make the Internet far more efficient

12 min read
Horizontal
An illustration of a series
Carl De Torres
LightBlue

When the COVID-19 pandemic erupted in early 2020, the world made an unprecedented shift to remote work. As a precaution, some Internet providers scaled back service levels temporarily, although that probably wasn’t necessary for countries in Asia, Europe, and North America, which were generally able to cope with the surge in demand caused by people teleworking (and binge-watching Netflix). That’s because most of their networks were overprovisioned, with more capacity than they usually need. But in countries without the same level of investment in network infrastructure, the picture was less rosy: Internet service providers (ISPs) in South Africa and Venezuela, for instance, reported significant strain.

But is overprovisioning the only way to ensure resilience? We don’t think so. To understand the alternative approach we’re championing, though, you first need to recall how the Internet works.

Keep Reading ↓Show less