[1mm Financial Talk] The Paradox of One App... Financial Companies' Personal Data Leaks Erupt Just When You Forget

"Advancement and Complexity of Computer Systems... Many Variables to Consider During Testing Process"

[Asia Economy Reporter Yu Je-hoon] The card industry is experiencing a series of personal information leaks through mobile applications. Industry insiders agree that this is a ‘paradox’ occurring in the process of financial institutions enhancing services with a one app strategy for consumer convenience.

According to the financial sector on the 22nd, recent incidents of personal information leaks occurred consecutively in Samsung Financial Networks’ integrated app Monimo and KB Kookmin Card’s mobile app. In the case of Monimo, on the 18th, customers using Samsung Securities services had other people’s account information leaked.

Samsung Financial began damage control from the morning of the 19th, but a total of 344 victims were affected. The leaked information mainly included account numbers, held stocks, and balances, and some victims reportedly had their names and transaction details exposed. Samsung Financial stated, "The cause of the incident was an error during the Samsung Securities system upgrade," adding, "No customers suffered financial damage from this incident, and individual contacts have been made with the victims."

On the following day, the 20th, a similar incident occurred in the KB Kookmin Card mobile app. A user attempting to log in to the KB Kookmin Card mobile app on the 20th was connected to another person’s account. During this process, information such as scheduled payment amounts, detailed usage charges, and installment details were leaked. KB Kookmin Card explained, "It was due to temporary instability in the computer system," and "Our internal investigation found only this one error, and there was no financial damage."

The financial authorities have also begun responding. The Financial Supervisory Service issued a press release the day before, stating, "We will investigate the cause of the incident and ensure prompt compensation if consumer damage occurs, and guide immediate system improvements to prevent recurrence," adding, "We will strengthen inspections regarding compliance with program testing and third-party verification procedures for mobile-based financial platforms."

Such information leak incidents in the financial sector are not new. In December last year, a system overload in the MyData service ‘Hana Hap’ of Hana Bank, Hana Financial Investment, and Hana Card caused other people’s information to be accessed. Around the same time, big tech company Naver Financial also experienced a leak of asset information of about 100 members. Although neither case involved leakage of personally identifiable information, the timing ahead of the MyData business implementation raised concerns.

The industry points to service advancement as the cause of these frequent incidents. As mobile app services become more advanced and complex, such as by implementing a one app strategy to attract consumers, security vulnerabilities naturally emerge. A financial sector official said, "Integrating different data and systems from four sectors?cards, securities, life insurance, and fire insurance?is not easy," adding, "Even in the case of Monimo, although the personal information leak incident has been spotlighted, errors such as server delays continued right after launch, causing internal difficulties."

A card industry official said, "Although each financial company invests considerable manpower and funds, as services become more advanced, it is difficult to catch all errors perfectly during pilot and simulation processes," adding, "Thorough verification and testing must continue before launching new services."

Meanwhile, although different from the previous cases, the industry leader Shinhan Card is also struggling with credit card fraud issues. Around the 10th, some Shinhan Card users had their identities stolen, resulting in unauthorized charges amounting to hundreds of thousands of won without their knowledge. The number of victims is reported to be about 100. The Financial Supervisory Service has decided to conduct on-demand inspections of Shinhan Card, and separately, the police have also launched an investigation.