Credit card details from 20 million South Koreans have been stolen and sold to marketing firms.
The data from almost half of South Korea’s population was stolen by a computer contractor working for a company called the Korea Credit Bureau that produces credit scores.
The names, social security numbers and credit card details were copied by the IT worker.
The scale of the theft became apparent after the contractor at the centre of the breach was arrested.
Managers at the marketing firms which allegedly bought the data were also arrested.
Early reports suggest that the contractor got hold of the giant trove of data thanks to the access Korea Credit Bureau enjoys to databases run by three big South Korean credit card firms. The contractor stole the data by copying it to a USB stick.
Credit card details from 20 million South Koreans have been stolen and sold to marketing firms
Regulators are now looking into security measures at the three firms – KB Kookmin Card, Lotte Card, and NH Nonghyup Card – to ensure data stays safe. A task force has been set up to investigate the impact of the theft.
The three bosses of the credit card firms involved made a public apology for the breach.
In a statement the Financial Services Commission, Korea’s national financial regulator, said: “The credit card firms will cover any financial losses caused to their customers due to the latest accident.”
Another official at the FSC said the data was easy to steal because it was unencrypted and the credit card firms did not know it had been copied until investigators told them about the theft.
This theft of consumer data is just the latest to hit South Korea. In 2012, two hackers were arrested for getting hold of the details of 8.7 million subscribers to KT Mobile.
Eighteen people have been charged with stealing at least $200 million in a credit card fraud ring, possibly one of the largest in US history.
The scam allegedly involved thousands of fake identities and businesses, lying to credit rating agencies and wiring some of the proceeds abroad.
An FBI agent said the accused had used “a virtual cafeteria of sophisticated frauds and schemes”.
The New Jersey-based scam is alleged to have operated in 28 states.
Beginning in 2007, the elaborate scheme involved falsely improving the credit scores of 7,000 fake cardholders, allowing the scammers to borrow high amounts of money which they never repaid, investigators said.
“The accused availed themselves of a virtual cafeteria of sophisticated frauds and schemes, whose main menu items were greed and deceit,” David Velazquez, assistant special agent in charge of the FBI’s Newark field office, said on Tuesday.
More than 25,000 credit card accounts were set up using falsified utilities records and a network of 1,800 mailing addresses.
Prosecutors allege that in one case a defendant used a 6-year-old’s Social Security number for a fake utility bill.
The ring also established at least 80 sham businesses and acquired credit card processing machines, swiping the fake cards and keeping the money, according to a complaint filed at a New Jersey district court.
Eighteen people have been charged with stealing at least $200 million in a credit card fraud ring, possibly one of the largest in US history
Officials say they have confirmed $200 million in losses so far, but say the final amount might grow “due to the massive scope of the conspiracy”.
“This type of fraud increases the costs of doing business for every American consumer, every day,” US Attorney Paul Fishman said.
“Through their greed and their arrogance, the individuals arrested today and their conspirators allegedly harmed not only the credit card issuers, but everyone who deals with increased interest rates and fees because of the money sucked out of the system by criminals acting in fraud rings like this one.”
Three jewellery stores were also implicated in connection with the scheme.
Prosecutors allege that each store allowed fraudulent transactions through extra credit card processing machines and would split the proceeds with other members of the ring.
The conspirators allegedly wired millions of dollars to Pakistan, India, the United Arab Emirates, Canada, Romania, China and Japan.
Millions more were spent on purchasing gold, spa treatments, electronics and luxury cars. In one raid, officials said they found $78,000 stashed in an oven.
Fourteen appeared before a judge on Tuesday, eight were released, and six remained in custody ahead of a bail hearing on Friday.
Each of the defendants was charged with one count of bank fraud and could face up to 30 years in prison and a $1 million fine if convicted.