Emergency Countermeasures Meeting Convened
The Financial Services Commission announced that it has convened an emergency countermeasures meeting regarding the Shinhan Card data breach incident and will commence an on-site inspection.
On December 24, the Commission, led by Secretary General Shin Jinchang, convened an emergency countermeasures meeting on the Shinhan Card data breach incident to assess the situation and circumstances of the leak. They discussed inspection and response measures regarding the potential leakage of personal credit information, ways to prevent further damage caused by the data breach, and measures to prevent recurrence of similar incidents.
Shinhan Card confirmed that an internal employee leaked the personal information of franchise owners to external parties in order to recruit new card members, and reported the breach to the Personal Information Protection Commission on December 23. According to the company’s internal investigation, approximately 192,000 pieces of personal information-including business registration numbers, business names, franchise addresses, franchise phone numbers, mobile phone numbers, names, dates of birth, and more-were leaked between March 2022 and May of this year.
Based on the company’s internal investigation, the leaked information appears to be personal information that does not include credit information. However, the Financial Supervisory Service is currently verifying whether any personal credit information was also leaked.
The Financial Services Commission and the Financial Supervisory Service are closely cooperating with the Personal Information Protection Commission, which is currently investigating the data breach. The Financial Supervisory Service plans to immediately begin an on-site inspection at Shinhan Card to thoroughly investigate the possibility of additional personal credit information leakage and to review internal control systems related to information protection. If further leaks of personal credit information-such as account numbers-are identified, the authorities will promptly take action in accordance with the Credit Information Act and other relevant laws.
The government has requested that Shinhan Card implement effective protection measures to prevent secondary damage to franchise owners, such as voice phishing or pharming, resulting from the leaked information. These measures include customer notifications and guidance on preventive actions, activation of a dedicated response system, monitoring for any incidents of damage, and prompt compensation if necessary. The authorities will rigorously manage and supervise to ensure these measures are implemented swiftly and without fail.
The Financial Supervisory Service has also decided to immediately review all card companies to determine whether there are similar cases of information leakage related to card recruitment. If necessary, these reviews will be escalated to inspections. Card companies have been strongly urged to conduct thorough self-inspections, strengthen employee information protection training, and enhance internal controls to prevent recurrence of similar incidents.
The financial authorities stated, "We will thoroughly inspect internal information protection systems not only in the card industry but across all financial sectors, and if any deficiencies in internal controls are found, we will hold those responsible strictly accountable."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
