Measures to Protect Personal Data from Illegal Circulation and UseJan 24, 2014

The FSC and relevant ministries held an emergency meeting on January 24 to come up with measures to protect personal data from illegal circulation and use in a joint effort to relieve financial consumers’ concern that illegally-circulated personal data could be used for fraudulent transaction.

BACKGROUND

Prosecutors announced (Jan.8 /Jan.19/Jan.21) that about 100 million credit card account details were leaked from Kookmin Card, Nonghyup Card and Lotte Card by a contractor with the personal credit rating company Korea Credit Bureau (KCB) over the course of a year beginning in December 2012. The contractor and the alleged buyers of the information were arrested; and the original files and USB of the stolen data were confiscated with no sign of further circulation.

The three credit companies said that there had been no financial damage reported so far related to the breach. The FSS found that sensitive information such as credit card passwords or CVC codes was not included in the stolen data. There is no concern that the leaked information would be used for fraudulent transactions.

The measures announced today are to take comprehensive and prompt actions against any possibility of financial fraud using illegally-circulated personal information in order to relieve people’s anxiety about their personal data safety.

1. PROTECT PERSONAL DATA FROM ILLEGAL CIRCULATION AND USE

Prosecutors, the police, and the FSS will immediately launch a joint crackdown indefinitely on illegal circulation and use of personal information. Particularly, unregistered money lenders will be subject to intense scrutiny. For those who illegally circulated and used personal data, prosecutors will demand the maximum sentence possible under the current law.

The FSS will conduct inspections on all financial firms to check how they manage customers’ personal data. Monitoring will be strengthened to detect financial fraud using illegally-circulated personal data.

Phone numbers suspected to be compromised by illegal money lenders or voice phishing will be suspended from being used. The FSC and the Ministry of Science, ICT & Future Planning (MSIP) are considering a measure to prevent suspicious callers from manipulating caller IDs.

All financial firms will be required to immediately report financial transactions suspected to use illegally-circulated personal data.

2. PREVENT ILLEGALLY-CIRCULATED PERSONAL DATA FROM BEING USED IN FINANCIAL TRANSACTION

The FSC will request financial firms to temporarily halt their marketing activities to sell loans through phone call, SMS or email until the end of March in order to preempt any possibility that illegally-circulated personal data would be misused for such activities.

In approving loan applications submitted through non-face-to-face channels, financial firms will be required to mandatorily check whether illegally-circulated personal data was used to attract clients. Financial companies will also be required to confirm details of loan process not only to loan planners but also to the clients.

FUTURE PLAN

The measures will be implemented immediately as soon as they are approved at the FSC meeting to be held on January 26.

- Prosecutors, the police and the FSS will immediately launch a joint crackdown on illegal circulation and use of personal data, under the supervision of Prime minister.
- The FSS will immediately se t up a report center for illegal circulation and use of personal data; and ask all financial firm s to report suspicious transactions as soon as they are detected
- The FSC will immediately direct financial firms to mandatorily check whether illegally-circulated data was used to attract clients before they approve loan applications submitted through non-face-to-face channels.

The FSC chairman will convene a joint meeting with relevant ministries on a frequent basis to ensure the measures are properly implemented.


*Please refer to the attached PDF for details.