Client info stolen from Hana Card

By Kang Seung-woo

A succession of data leaks are besieging local credit card issuers as the latest version of online security breach has taken place at Hana SK Card.

The continuous irregularities are keeping customers on their toes amid mounting worries about faulty online security.

According to the card issuer, its telemarketing employee leaked data, including names, addresses and resident registration numbers, but information on financial transactions like their passwords and account numbers was not exposed.

“The employee involved in the incident usually dealt with private data such as telephone numbers and contact addresses, so sensitive information was not disclosed,” said an official of Hana SK Card.

The card issuer caught suspicion of a data leak on Sept. 15 and notified the police to investigate the suspected employee the next day.

Hana Financial Group, the nation’s No. 4 financial services company, launched the independent Hana SK Card in 2009 in collaboration with telecommunications giant SK Telecom.

Earlier this month, Samsung Card said that there was a leakage of personal data on an estimated 800,000 customers, including their names and mobile phone numbers.

In less than a month, two major credit card firms had their customers’ information leaked, a telling sign that serious moral hazard is widespread in the card industry where there are a dozen players.

Under fire after trying to downplay the scandal, Samsung said in its initial report to the Financial Supervisory Service (FSS) and the police that the information of only about 18,000 customers had been compromised, despite already having secured a statement from the suspected employee who said he had leaked the data of 800,000 customers.

Conscious of the Samsung case, Hana SK promptly reported to the police one day after confirming the suspicion.

Although Hana SK said the number of customers whose personal information was leaked was some 200, the amount is likely to be more like in the Samsung incident.

Customers are also worried about the recent leakages.

“I have both Samsung and Hana SK cards, so I plan to cancel them and get a new one for fear of a possible another exposure,” said card holder Chung.

“However, who knows if a new credit card will not suffer another leakage?”

Observers say that a series of wrongdoings in the card industry is attributed to lackluster online security for customers' private data at financial firms.

Hyundai Capital, the nation’s largest lender in the secondary financial sector, had the data of around 1.8 million customers stolen in a series of hackings.

Early this year, the National Agricultural Cooperative Federation, better known as Nonghyup, was compromised in a separate hacking attack, which caused online transactions to fail.

Cut-throat competition to expand market share is also blamed for the latest series of information leakage.

In Korea, a typical economically active person carries an average of 4.8 credit cards, meaning the market is nearing saturation.

Under these circumstances, there have been a series of spinoff of credit card units from the financial holding groups.

In March, KB Card was separated from Kookmin Bank, while Nonghyup and Woori Bank also plan to spin off their credit card units, a move likely to make the competition fiercer.

Due to the heated market share battle, card firms encourage employees to lure customers and they are easily accessible to customer information, which leave them vulnerable to sell it to spam networks.

“Recently, there have been keen competition among card issuers, so employees deal with a lot of customer information,” said an official in the card industry.

“It poses a dilemma for companies as without customers’ personal information, it is difficult to try to solicit them, while it is also open to a possible leakage.”

The financial authorities’ poor supervision is also blamed for the online security breaches.

Although the FSS is frequently required to monitor card firms’ online security, they only launch ad hoc inspections after a situation arises.

The card industry complains that the financial watchdog just carries out a special investigation and imposes punitive action although Hyundai Capital, Samsung Card and Hana SK Card had their customers’ personal information exposed.