Korean regulator to impose penalties on financial firms for data breaches

The FSC said it will require the chief executive officers of all financial companies to approve corporate IT security plans, make it mandatory for financial companies to hire chief information security officers, require the companies to expand IT security budgets and personnel, increase penalties against companies and executives for data breaches, and institute mandatory compensation for data breach victims when the company is at fault, according to the Korea JoongAng Daily newspaper.

A task force that developed the new rules was set up in the aftermath of the recent data breach at Hyundai Capital. Hyundai Capital, which is a joint venture between Hyundai Motor Group and GE Capital, originally said that 420,000 customers were affected by the data breach, but the FSC determined that 1.75 million customers were actually harmed.

Hyundai Capital said that hackers obtained names, residential registration numbers, mobile phone numbers, and email addresses, as well as passwords to loan services.

The regulator said there will be a 10-week transition period for implementation of the new rules, with full implementation expected in the fourth quarter of 2011.
