Standard Charted Bank Korea Data Breach (2013)

Standard Charted (SC) Bank Korea and Citibank Korea are under fire for the leakage of about 130,000 customers' personal data by their employees, the largest information leak in Korean history, raising concerns over online security at banks. The prosecution has already arrested two employees from the foreign lenders, and financial authorities will soon launch a separate investigation into the leaks. According to industry sources, the personal data were leaked from branches in Changwon, South Gyeongsang Province. An employee from Citibank's branch there and another from Standard Charted Bank's subcontracted IT center were arrested for alleged violations of the Information and Communications Law. Some of the brokers and private loan service providers who bought the leaked data from them were also arrested. The employee at Citibank printed the data of 34,000 customers on 1,100 pieces of paper and gave them to private loan service providers in April, while the worker at SC's subcontracted IT center accessed the computer files of the lender, transferred the personal data of about 104,000 customers onto a portable storage device between November 2011 and February 2012 and sold it to a broker. The prosecution said the leaked information includes customers' names, phone numbers, their employers and the amount of any outstanding loans, which are also suspected of being used in a voice-phishing scam. As the prosecution has secured additional data of about 3 million customers at other financial firms from the private loan service providers in question, it will also focus on how such private information was collected. The leak is expected to put the already troubled banks into an even more difficult position. SC has already reduced the number of its branches by 20 percent due to a worsened performance. Its net profit dropped to 204.1 billion won last year from 271.9 billion won in 2011 and 343.8 billion won in 2010. The net profit for the first half of this year stood at 129.2 billion won. Citibank has also closed about 10 percent of its branches. It posted a gross profit of 353.7 billion won and a net profit of 27.9 billion won in the third quarter, which are 15.3 percent and 53.3 percent drops, respectively, compared to the same period last year. Regarding the leaks, the Financial Supervisory Service will investigate the two lenders to learn how the incidents took place and who was responsible. High-ranking officials at the banks could also face sanctions, as the incidents came after the watchdog repeatedly asked that security be enhanced after a series of computer data leaks and hackers' attacks on online financial transactions began in 2011. Most recently, Nonghyup Bank and Shinhan Bank were hacked into using unknown malware, although no personal information was leaked.