Go Search Go Contents Go to bottom site map

(LEAD) Top executives to face sacking over future data leaks: FSC

2014/01/22 15:00

SEOUL, Jan. 22 (Yonhap) -- South Korea's financial regulator on Wednesday unveiled a set of measures to better protect clients from data breaches, including a regulatory framework under which top executives at financial firms could face suspension or dismissal.

The measures also include strengthened monitoring of staff at financial firms and their contractors in areas related to data protection, and strictly regulating sharing of customer information between affiliates. In cases of data breaches, financial firms will face hefty penalties and suspension of business, according to the Financial Services Commission, the country's financial regulator.

"When any data breach occurs, former and incumbent executives will face heavy punishment," Shin Je-yoon, the chairman of the FSC, said in a briefing.

The hastily drawn-up measures come amid public uproar over poor management of client data by financial firms. On Sunday, the regulator said 20 million bank clients' personal data, including bank account numbers, addresses and credit ratings, was leaked from three credit card firms -- KB Kookmin, Nonghyup and Lotte.

A leak also occurred at Kookmin Bank, which shared its customer data with its affiliated credit card firm, according to the regulator.

The largest-ever data theft came to light when an employee from a personal credit ratings agency, the Korea Credit Bureau, and two others were indicted early this month for illegally obtaining and distributing confidential data from the three card firms while working as temporary consultants for the financial institutions.

They are accused of stealing the client data -- altogether amounting to some 140 million cases -- and selling it to advertising agencies for 17 million won (US$16,000) from 2012-13.

The need for more strict control of financial information sharing has been raised here repeatedly, but the regulator has not acted against sharing between affiliates.

Under the proposed measures, clients will be given the choice to opt out of information-sharing among affiliates and third parties.

Financial service providers will be required to end their decade-long practice of asking for "too much" personal information, including citizen registration numbers.

Also, credit card firms will be forced to delete all data during a given grace period if their customers cancel their plastic cards.

The financial regulator also said it will hand down a three-month business suspension to the three card firms, and take punitive measures against their top executives.

Following the scandal, top executives at KB Financial Group Inc. and its mainstay banking unit Kookmin Bank and three other credit card firms have already tendered their resignations and promised to fully cover any financial losses if their clients are scammed with stolen data.

Political parties and President Park Geun-hye have also chimed in by calling for strong punitive measures against those responsible for the data theft. Regulators claim to have confirmed that the stolen data has not been distributed.

Customers' anger, however, has not been abated, with operations of the affected financial firms nearly paralyzed over a deluge of complaints. Customers are also filing lawsuits against the affected firms.

Since Monday, more than 1.8 million cardholders have canceled their credit cards permanently or applied for new ones, according to the Financial Supervisory Service (FSS).

Some 7.27 million people, equivalent to 28 percent of the country's economically active population of 25.87 million, have logged on to the websites of the three card firms to check whether their personal information was stolen, it said.

Other data from the FSS shows sensitive records on some 2.36 million clients have been leaked from financial institutions since 2009, either through hacking attacks or their own employees and contractors, in a separate case from the latest incident.

sam@yna.co.kr

(END)

Related Articles