A South Korean software developer has managed to loot unencrypted credit card data from a company that processes payments. The data of at least 20 million South Koreans is said to have been sold on.
A hired software developer started working for Korea Credit Bureau in early 2012, the South Korean government announced. There he had access to customer data from three major credit card companies. The man had to develop software to detect possible credit card fraud. The data, including names, credit card data and social security numbers, was unencrypted and was placed on a USB stick by the software developer and sold to a number of marketing companies. It would involve more than 80 million credit card numbers from more than 20 million South Koreans.
According to the authorities, the software developer has been arrested and there is no evidence that the stolen data was actively misused. Some people who allegedly bought the credit card data were also arrested.
Besides the fact that the data was stored unencrypted, the three affected credit card companies would not have discovered the theft until authorities informed them. The companies, KB Kookmin Card, Lotte Card and NH Nonghyup Card, have apologized and promised to investigate the matter. The South Korean financial regulator further reports that the financial institutions will compensate any losses incurred by customers.