By Kim Rahn
Financial authorities have found customer information was leaked from not only credit card companies but also insurance firms.
The Financial Services Commission (FSC) said Monday it found Prudential Life Insurance provided clients’ personal information to outsiders by granting them the right to access the firm’s intranet.
Such access-right provision also took place in the recent massive data leaks from KB Kookmin Card, Lotte Card and NH NongHyup Card ― the firms allowed access to their data to a worker at their subcontracting credit information service provider, Korea Credit Bureau, and the worker stole the data by storing it on USB memory sticks.
According to the FSC’s recent review, Prudential Life allowed an outside auditor to access the company’s intranet between January and August in 2012 and the auditor looked into the personal information of 51 customers over 66 times without their consent.
The commission slapped 6 million won in fines on the insurer and penalized three executives.
“Prudential permitted review of customer data to an outsider without the clients’ consent. It is a serious breach of regulation,” an FSC official said.
Prudential said the review was part of inspections by the insurer’s U.S. headquarters into the Korean unit, as the headquarters needed to check whether customers regularly paid premiums and the company properly calculated the premiums.
In the case of Woori Aviva Life Insurance, it was found belatedly that the insurer was hit by North Korea’s hacking attack on March 20 and its computer system was out for nine hours. At that time, the authorities confirmed attack on only Shinhan Bank, Jeju Bank and NH NongHyup Financial’s banking and insurance units.
According to the FSC, Woori Aviva did not realize the attack on the day of the hacking and failed to take measures to block the attack, resulting in a halt of computer systems from 3:55 p.m. to 1:07 a.m. the next day.
The authorities also detected improper sharing of customer information between credit card and insurance units of KB Financial Group.
KB Life Insurance used customer data from KB Kookmin Card to make some 60,000 contracts between July 2011 and August 2012, and offered 9.4 billion won to the card firm as a commission.
“Kookmin provided selected information so that the insurer can easily make new contracts for specific insurance products. It is beyond a simple data sharing practice,” the official said.
The authorities also found additional data of some 103,000 clients of major commercial banks here during their investigation into the information theft at Citibank Korea and Standard Chartered Bank Korea. The prosecution earlier said a subcontractor stole about 137,000 customers’ data from the two banks.
“From the memory sticks the thief had, we found the additional data, including names of banks and customers and their phone numbers. But many of them are overlapped with the information leaked from the card firms, so we don’t know yet whether they were part of the data from the card firms or freshly leaked ones from those banks,” he said.