Korea’s Biggest Card-Data Theft Prompts Executives to ResignSeonjin Cha
South Korea’s biggest theft of personal information on credit-card holders prompted dozens of top executives at financial firms including KB Financial Group Inc. to offer to quit this week as a regulatory probe widened.
Lee Kun Ho, chief executive officer of Korea’s largest bank, was among 27 executives who sent resignation letters to KB Financial CEO Lim Young Rok, an official at the Seoul-based company said yesterday, asking not to be named in accordance with company policy. Nine officials at Lotte Card Co. also offered to quit, that company said in an e-mailed statement.
In a country where plastic is used for more than half of total consumer spending, thousands of customers asked that their cards be canceled, the regulator said today. South Korean prosecutors this month charged three people with stealing names, social-security numbers and card data tied to millions of customers of Lotte Card, KB Kookmin Card Co., and Nonghyup Bank.
“The incidents will probably hurt the firms’ brand value and lead them to incur one-time costs such as fines and compensation,” said Michael Na, a Seoul-based analyst at Nomura Holdings Inc. “It will spur regulators’ demands that financial companies protect consumers, which isn’t necessarily positive for earnings.”
While there’s no evidence that the information has been misused, the companies will fully compensate victims for any damage, Financial Services Commission Chairman Shin Je Yoon told reporters yesterday. The regulator will consider revising rules to seek stricter punishment including fines, he said.
President Park Geun Hye, speaking on a visit to Switzerland, demanded a thorough investigation and vowed to hold people responsible, according to an e-mailed statement from the leader’s office today. She asked officials to prepare steps to prevent a repetition of the leaks, the statement showed.
About 20 million card holders at Lotte Card and Nonghyup Bank and 40 million at KB Kookmin Card were affected, the Financial Supervisory Service said on Jan. 19. The estimate may include overlaps for multiple card holders or former customers.
A total of 532,700 customers of the three companies asked to terminate their cards, while 616,800 demanded they be reissued, the FSS said today in an e-mailed statement.
One of the people charged was a software engineer who was working for the three firms from May 2012 to December 2013 and who copied client information onto a USB device before selling it to loan companies, the prosecutors’ service said on Jan. 8.
The three card companies aren’t publicly traded. Shares of KB Financial rose 0.5 percent to 39,250 won at the close of trading in Seoul. The benchmark Kospi index rose 0.5 percent. Lotte Shopping Co., the nation’s biggest department store operator and owner of Lotte Card, fell 0.3 percent.
The FSS said on Jan. 19 that it began probing operations at Kookmin Bank, the nation’s largest lender, in relation to information breaches at the card unit. It ordered 14 other financial firms to examine possible data theft, without disclosing the names of the institutions.
The agency also started inspecting local units of Citigroup Inc. and Standard Chartered Plc on Jan. 17 after prosecutors last month found that their customer information was leaked.
South Koreans were the world’s most frequent users of credit cards in 2011 with 129.7 transactions per person, the Bank of Korea said in June, citing Bank for International Settlements data on 23 countries. They were followed by Canadians with 89.6 transactions and Americans with 77.9.
In a country of 50 million people, Koreans held 115 million credit cards as of June, with participants in the economy owning 4.4 cards each on average, according to the Credit Finance Association, a lobby group. Plastic accounted for 66 percent of consumer spending, up from 14 percent in 2000, the data show.
Korean card users aren’t alone in having their information compromised. Target Corp., the U.S.’s second-largest discount retailer, said in December that credit- and debit-card data for as many as 40 million people who shopped in its stores before Christmas may have been taken. The Minneapolis-based company said this month that the thieves also got access to the names, phone numbers and home and e-mail addresses of as many as 70 million people.
KB Kookmin chief Shim Jae Oh was among the executives who sent resignation letters. Lim hasn’t decided whether to accept the offers, the KB official said. Nonghyup Bank card division chief Sohn Kyoung Ik resigned, the Seoul-based lender said in a statement yesterday.
The three card companies issued statements yesterday expressing regret for the breaches and their CEOs bowed in apology at a briefing broadcast on the YTN cable news network.
“We feel deeply guilty and ashamed for losing clients’ trust following this accident,” KB Kookmin Card’s Shim said at the briefing. “We’ll take all legal and moral responsibility,” although there haven’t been any reported cases of the information being abused, Shim said.
The FSC formed a taskforce on Jan. 17 to find ways to ensure financial institutions properly protect personal data. Commission chairman Shin said last week that his agency will take stern action to avoid a repetition of the data theft, calling it a “severe crime that shakes the foundation of the financial industry.”