Regulators to check financial databases
By Kim Da-ye
Nonghyup’s paralyzed computer network and Hyundai Capital’s data leak fiasco has led both the top financial regulator and the central bank to take action.
The Financial Services Commission (FSC) announced Friday it began an investigation into financial companies’ IT security systems on April 11 when the hacking into Hyundai Capital, the nation’s largest consumer finance firm, was made public.
The authority will check the security of financial institutions’ IT systems from late April for a month while forming a task force to prevent further failures.
The Bank of Korea (BOK) hosted an emergency meeting of its monetary policy committee the same day to vote on whether to investigate Nonghyup, the National Agricultural Cooperative Federation, with the FSC.
The central bank is going to examine the possibility of the glitch in Nonghyup’s IT system affecting the BOK’s own computer network and settlement system.
The FSC task force will be divided into three teams ― one to inspect Hyundai Capital and Nonghyup, another to look into financial firms’ security systems and the last to prevent further glitches and improve the security of the IT system across the industry.
The last task could involve revising regulations over IT security including the Electronic Financial Transaction Act that controls all electronic transactions via computers, automated teller machines and phones.
It is rare for the central bank to host an emergency policy meeting, but Nonghyup’s frozen computer network could lead to errors in settling transactions among banks and a shortage of cash in the whole system.
In fact on April 12 when the failure took pace, the closing time for the BOK’s computer network was extended by one hour and 40 minutes to 7:10 p.m.
Nonghyup is also a major lender with some 19 million customers.
Hyundai Capital admitted April 8 that information on some 42,000 clients had been stolen, while 13,000 could have had critical information including passwords hacked.
Nonghyup’s computer network was down for four days before banking via the Internet and phone were recovered. Automated teller machines still aren’t working.
In the meantime, the Seoul District Prosecutors’ Office is evaluating the possible involvement of an insider in the network failure.
The prosecution found some files in Nonghyup’s servers had been erased repeatedly, and is investigating those in charge of server management over a possible conspiracy among the bank’s employees and outsiders.