South Korea Vows Harsh Penalties for Data Leaks

SEOUL – South Korean regulators Wednesday vowed tougher penalties for financial firms and executives who fail to protect customer data, following the unprecedented theft of information from at least 20 million people.

“If an accident like this happens again, the company in question will be shut and its executives will no longer be able to work in this industry,” Shin Je-Yoon, the head of the Financial Supervisory Commission (FSC), told reporters.

The warning came after the country’s largest-ever leak of private financial data that involved three credit card companies.

The FSC will soon devise harsher punishments and heavier financial penalties on companies and their executives for future security breaches, Shin said.

“For instance, we are thinking of about 5 billion won ($4.6 million) in fines, or even up to 1.0 percent of their total sales,” Shin said.

The three companies involved in the latest data leak — KB Kookmin Card, Lotte Card and NH Nonghyup Card — will face “the highest level of punishment legally possible”, he said, suggesting a possible three-month business suspension.

The data was stolen by an employee from personal credit ratings firm Korea Credit Bureau who once worked as a temporary consultant at the three firms. He was arrested earlier this month.

The stolen data of 20 million people — out of a total population of 50 million — included names, social security numbers, phone numbers, e-mail addresses, home addresses, credit card numbers and even personal credit ratings.

Since Monday more than two million victims have cancelled their credit cards permanently or requested new ones, with angry customers flooding bank branches and call centres for days.