[Asia Economy Reporter Kim Min-young] The Financial Supervisory Service (FSS) has decided to notify the prosecution of the investigation results related to the unauthorized use of passwords in dormant accounts at Woori Bank.
According to data received from the FSS by the office of Kim Jong-seok, a member of the National Assembly's Political Affairs Committee from the Liberty Korea Party, the number of Woori Bank branches found to have illegal activities related to unauthorized password use was 200.
The number of employees involved in this incident is 313. In holding branch managers and other supervisors accountable for the employees' illegal actions, the FSS estimates that the number of individuals subject to sanctions exceeds 500.
Some Woori Bank employees reportedly changed temporary passwords without authorization on dormant accounts with inactive smart banking from January to August 2018, thereby activating these accounts.
This exploited the fact that accounts previously unused by customers would be counted as new customer acquisitions simply by reactivating them through password changes.
The FSS identified approximately 40,000 cases of unauthorized password use.
Woori Bank detected unauthorized password use cases during its internal audit at the time. The FSS also became aware of the unauthorized password use incident through Woori Bank's management status evaluation conducted from October to November 2018 and carried out additional inspections.
The FSS plans to bring the unauthorized password use case to the Sanctions Review Committee as early as next month.
The FSS informed the office of Assemblyman Kim that "the inspection results will be reported to investigative agencies later."
This means that the draft corrective action plan based on the IT sector inspection results from Woori Bank's management status evaluation will be handed over to the prosecution for investigation.
The FSS also decided to notify the Ministry of the Interior and Safety, which oversees the Personal Information Protection Act, as unauthorized password use may violate this law.
Article 19 of the Personal Information Protection Act stipulates that "a person receiving personal information shall not use it for purposes other than those for which it was provided, except when separate consent is obtained from the information subject or when special provisions exist in other laws."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
