In the latest hack against the South Korean people, nearly 20 million identities have been stolen and sold on by a contractor at the credit rating firm Korea Credit Bureau, a company that maintains one of the most popular credit reporting services in the nation.
Turns out an unnamed IT consultant who was hired on as a contractor had been secretly hoarding the data for months, slowly selling off details to the highest bidder at major marketing companies throughout the region. Both the consultant and the managers at the companies he was communicating with have been arrested by South Korean officials, who claim they first discovered the heist after a sting operation where he was caught red-handed attempting to offload the data for illicit payments.
The three credit card companies in question who were affected by the intrusion include the Lotte Card, the KB Kookmin Card, and the NH Nonghyup Card. Supposedly the bulk of this data was stored on unencrypted servers at the KCB, which had no protections installed on them to ward off these types of internal attacks.
In a statement to AAP, the Korean Financial Supervisory Service has reassured customers that any money stolen from their accounts as a result of this issue will be reimbursed in full by the agencies responsible.
“The credit card firms will cover any financial losses caused to their customers due to the latest accident,” the regulator said.
Despite the immense numbers being thrown around in regards to this story, 20 million only marks the second largest data theft in South Korea’s history, with the attacks on the Cyworld social networking website that claimed the details of over 35 million people taking the cake for first place.