It is only just over one month since U.S. retailer Target announced a gigantic customer data breach that turned out to be one of the biggest hacking data thefts in history. Tens of millions of customers’ debit and credit card information was accessed in late 2013. The incident was a major embarrassment for the company, prompted a statement and continues to generate headlines even today.
Despite the increased amount of information available about data security, credit card fraud and hacking attacks, it was South Korea that has been hit by the latest credit card data theft scandal.
This time, unlike in the Target online hacking attack, a rogue employee from Korean ratings firm Korea Credit Bureau stole the information relating to 20 million cards. However, the employee did not just steal the information, but also sold it on to marketing companies.
The case is causing outrage in the country – not surprising given that such a large portion of the population has been affected. A wave of litigation is expected and at least one class-action lawsuit is already underway. None of this is surprising, since personal financial information is justifiably considered to be among the worst areas that can be compromised in a theft.
The affected card issuers include Lotte Card, KB Financial Group’s KB Kookmin Card Co., and Nonghyup Bank. Amid the outrage, 27 executives of KB Financial sent resignation letters to their CEO, while others at Lotte Card Co. followed suit. Public apologies may also have reminded viewers of Japan-bust scenes from two decades ago.
The fallout from the incident is especially severe in South Korea, where a population of around 50 million people collectively hold 115 million credit cards, and cards were used for 66 percent of consumer spending in the country last year. The successful uptake of cards for payment in the country ironically means that companies are going to face a much bigger backlash.
Although the Korean data-theft was not a hack like the Target incident, both stories serve as a reminder to all companies that sensitive customer information, especially that of a financial nature, is vulnerable. The massive negative PR fallout after a data breach can be extremely damaging. Although it is probably impossible to make data 100 percent secure, it would be a foolish company indeed that fails to keep up with latest developments in information security and data protection.