Police said Wednesday they have taken into custody one of the key suspects in the hacking of Hyundai Capital's consumer database last year.
The 39-year-old man, surnamed Shin, was arrested in the Philippines and extradited to Korea on Dec. 14, the Seoul Metropolitan Police Agency (SMPA) said.
Shin allegedly broke into the firm's computer servers more than 43,000 times between February and April in 2011 and stole personal information of nearly 1.75 million customers.
The hacker is also suspected of having stolen consumer information from Daum, a major portal site, and Mr. Pizza after attacking their databases.
Shin and two accomplices received some 100 million won ($93,200) from Hyundai Capital after blackmailing the firm by threatening to release the confidential information.
One of the two accomplices is still at large, police said.
Shin fled to the Philippines in 2007 to escape investigation and lived there until he was apprehended by Filipino police.
He told investigators that it took only 90 minutes for him to break into Hyundai Capital's computer system and steal information.
"He said he learned how to hack servers on the Internet and through books," said an officer from the SMPA's cyber crime investigation unit.
After stealing the information on April 7, they demanded 500 million won from the firm in return for not releasing it. Later that day, Hyundai reported the case to the police, and the following day the firm transferred 100 million won to the accounts specified by the hackers in order to help police catch them.
However, only one of the suspects was caught while withdrawing money from a cash machine.
According to Hyundai Capital, the hackers stole the account numbers and passwords of some 13,000 clients as well as personal information, such as names, mobile phone numbers and e-mail addresses, of more than 1.7 million customers.
They sold the information to a loan firm owner last year for 22 million won. The owner was arrested later for buying the information.
"The hackers plotted the crime in the Philippines in December in 2010," the SMPA officer said. "They believed they could earn a lot of money by hacking the databases of large companies and blackmailing them."