KCB is a credit scoring company that has access to the databases of KB Kookmin Card, Lotte Card, and NH Nonghyup Card, from whom the details were stolen. The arrested IT worker was apparently able to copy the details from their servers before selling them to the marketing companies – whose managers have also been arrested.
The details stolen by a temporary contractor working for KCB include customer names, social security numbers, credit card numbers and expiry dates. Regulators have launched an investigation into how the data was so easily stolen. According to the BBC, an official at the Financial Services Commission (FSC) "said the data was easy to steal because it was unencrypted and the credit card firms did not know it had been copied until investigators told them about the theft."
The theft is believed to have affected at least 20 million card customers in a country with a population of 50 million. It is the latest, but perhaps the most serious, breach in a series of incidents. "An employee of Citibank Korea was arrested last month for stealing the personal data of 34,000 customers," reports AFP.
"In 2012, two hackers were arrested for getting hold of the details of 8.7 million subscribers to KT Mobile," reports the BBC. "Also, in 2011, details of more than 35 million accounts of South Korean social network Cyworld were exposed in an attack."
And in 2011 a breach at South Korean online gaming company Nexon exposed personal information on 13 million subscribers, while a breach at Epson Korea compromised the details of 350,000 Epson customers.
Commenting on insider breaches in general, Keith Bird, UK managing director at Check Point, warned, “Data leaks by employees or trusted partners, whether accidental or intentional, are still one of the biggest risks facing companies.” Check Point's own research revealed last year that 52% of knowledge workers regularly risk accidental breaches with unsafe computing practices, such as sending emails to wrong addresses, or using unencrypted USB sticks.
“So if a trusted person chooses to harvest and leak a large amount of data,” he continued, “the damage can be severe, in terms of remediation costs, fines from regulators and loss of reputation. Trust is a precious commodity, and it’s all too easily exploited.”