Korean credit card firms under fire as 20M user details are swiped

Bloomberg

South Korea’s biggest theft of personal information on credit card holders prompted dozens of top executives at financial firms, including KB Financial Group Inc., to offer their resignations this week as a regulatory probe widened.

Lee Kun Ho, chief executive officer of Korea’s largest bank, was among 27 executives who sent resignation letters to KB Financial CEO Lim Young Rok, an official at the Seoul-based company said Monday, asking not to be named in accordance with company policy. An emailed statement from Lotte Card Co. said that nine officials from that company had also offered to quit.

The theft has triggered regulatory and criminal probes this month in a country where credit card use accounts for more than half of total consumer spending. South Korean prosecutors have so far indicted three people on suspicion of stealing names, social security numbers and card data tied to millions of customers of Lotte Card, KB Kookmin Card and Nonghyup Bank.

“The incidents will probably hurt the firms’ brand value and lead them to incur one-time costs such as fines and compensation,” said Michael Na, a Seoul-based analyst at Nomura Holdings Inc. “It will spur regulators’ demands that financial companies protect consumers, which isn’t necessarily positive for earnings.”

While there’s no evidence that the leaked information has been misused, the card companies will fully compensate victims for any damage, Financial Services Commission Chairman Shin Je Yoon told reporters yesterday, according to an emailed statement. The regulator will consider revising rules to seek stricter punishment for future breaches, including fines, he said.

One of the people charged with the theft was a software engineer who worked for the three firms between May 2012 and December 2013, and who copied client information onto a USB device before selling it to loan companies, the prosecutors’ service said on Jan. 8.

A total of 106 million pieces of information were transferred, the Financial Supervisory Service said in a Jan. 19 statement. About 20 million card holders at Lotte Card and Nonghyup Bank, and 40 million at KB Kookmin Card, were affected, the report said.

The three card companies aren’t publicly traded, but shares in KB Financial rose 0.5 percent to 39,250 won at 11:20 a.m. in Seoul. The benchmark Kospi index rose 0.5 percent, while Lotte Shopping Co., the nation’s biggest department store operator and owner of Lotte Card, fell 0.1 percent to 380,500 won.

The FSS said on Jan. 19 that it began probing operations at Kookmin Bank, the nation’s largest lender, in relation to information breaches at the card unit. It ordered 14 other financial firms to examine possible data theft, without disclosing the names of the institutions.

The agency also started inspecting local units of Citigroup Inc. and Standard Chartered PLC on Jan. 17 after prosecutors last month found that their customer information was leaked.

South Korean card users aren’t alone in having their information compromised. Target Corp., the second-largest discount retailer in the U.S., said in December that credit and debit card data for as many as 40 million people who shopped in its stores before Christmas may have been taken. Earlier in January, the thieves also got access to the names and phone numbers — as well as and home and email addresses — of as many as 70 million people, the Minneapolis-based company said.

KB Kookmin chief Shim Jae Oh was among the executives who sent resignation letters. Lim hasn’t decided whether to accept the offers, the KB official said. Nonghyup Bank card division chief Sohn Kyoung Ik resigned, the Seoul-based lender said in a statement Monday.

The three card companies issued statements yesterday expressing regret for the breaches and their CEOs bowed in apology at a briefing broadcast on the YTN cable news network.

“We feel deeply guilty and ashamed for losing clients’ trust following this accident,” said Shim, of KB Kookmin, at the briefing. “We’ll take all legal and moral responsibility,” although there haven’t been any reported cases of the information being abused, he added.

Shin, with the FSC, said last week that his agency will hold top managers responsible for such incidents and will take stern action to avoid a repetition of the data theft, calling it a “severe crime that shakes the foundation of the financial industry.”

The watchdog formed a task force on Jan. 17 to find ways to ensure financial institutions properly protect personal data.

South Koreans held a total of 115 million credit cards as of June, in a country with a population of 50 million. People participating in the economy own an average of 4.4 cards each, according to the Credit Finance Association, a lobby group for credit card issuers and leasing companies. The latest credit association data also showed that credit cards accounted for 66 percent of consumer spending in 2012, up from 14 percent in 2000.