According to various new reports like this one at the Korea JoongAng Daily, Hyundai Capital - the financial arm of Hyundai Motor Group that specializes in auto loans, home mortgages and personal loans - found out late last week that some 420,000 of its client records had been taken by a hacker. It only found out, says the news article, because the hacker who took the information sent an email to the company last Thursday morning demanding money not to release the stolen information.
"Hyundai called in the police and transferred 100 million won [about $92,500] into an account designated by the blackmailer who has already withdrawn 47 million Won, says Yonhap, adding that police have CCTV footage of a man taking cash from a Seoul ATM."
Financial information, names, addresses, mobile phone numbers, emails and residential registration numbers of the Hyundai Capital clients - which make up 25% of all of its clients - were said to have been taken. The Korea Herald reported that 13,000 clients had their passwords stolen as well.
South Korea's Financial Supervisory Service has launched an investigation, the Korea Herald further reported. According to the paper:
"Regulatory officials said the urgent probe is mainly focused on whether the nation’s largest automobile loan-oriented firm abided by the rules on electronic finance."
Newspapers articles say that the hacking had gone on undetected for some two months. The Korea Herald states that Hyundai Capital servers in Brazil and the Philippines were targeted.
Mr. Chung Tae-young, president of Hyundai Capital, was quoted in this Korea JoongAng Daily article as saying:
"I am remorseful and ashamed that we could not prevent such an occurrence. I ask our customers to rebuke us by all means, but do not become prey to excess anxiety. We are putting all we have toward stopping a second round of hacking and to never letting this happen again."
I think that the affected Hyundai Capital clients will be more than happy to rebuke the company; however, keeping from feeling excess anxiety, I am not so sure of.
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.