Citigroup Says Client Data Leaked at Korean Consumer Credit Unit

Citigroup Inc. and Industrial Bank of Korea said client information was leaked from their South Korean leasing and consumer credit units, the latest instances of data breaches at financial firms in the country.

Authorities found 17,000 instances of leaks of information including names and phone numbers, Citigroup Korea Inc. said in an e-mailed reply to Bloomberg News questions today. The company was informed of the breaches by the prosecutors’ office in February, it said. The same number of leaks occurred at Industrial Bank of Korea’s IBK Capital Corp., company official Shin Dong Min said by phone from Seoul, declining to elaborate.

Yonhap News reported earlier today that employees of the two companies may have been involved. Citigroup and IBK said they’re waiting for the results of the prosecutors’ office investigation, declining to provide details including how the data was extracted and whether it has been used.

Information security at financial firms has come under increased scrutiny in Korea since January, when prosecutors found that data on more than 100 million credit card holders had been stolen, the biggest theft of its kind in the country.

Hacking into point-of-sale terminals at member stores led to the theft of information including card numbers and expiry dates of Kookmin Card Co., NongHyup Bank and Shinhan Card Co. customers, the Financial Supervisory Service said on April 11.

In December, the FSS asked the local lending units of Citigroup and Standard Chartered Plc to report on allegations that staff or contract workers sold client information to private lending agents.

Citigroup’s Korean lending unit said last week that it will close 56 of its 190 branches due to the industry’s declining profitability and a shift to online banking.

Before it's here, it's on the Bloomberg Terminal.