'Mass Customer Data Leak'... Fines Confirmed for Three Card Companies
[Asia Economy Reporter Baek Kyunghwan] The fines imposed on the three card companies?KB Kookmin, NongHyup, and Lotte Card?accused of causing a massive customer information leak have been finalized.
On the 14th, the Supreme Court's 2nd Division (Presiding Justice No Jeonghee) announced that it upheld the lower court's guilty verdict in the appeal trial of NongHyup Bank, KB Kookmin Card, and Lotte Card, who were prosecuted for violating the Personal Information Protection Act. NongHyup Bank and KB Kookmin Card were fined 15 million won each, and Lotte Card was fined 10 million won.
They had been on trial for negligence in managing work that allowed a contractor employee to freely extract customer information during the development of the Fraud Detection System (FDS) for credit card misuse prevention between 2012 and 2013. The leaked information included names, resident registration numbers, mobile phone numbers, credit card numbers, card limits, and usage amounts. At that time, the contractor employee was investigated for handing over the stolen personal information to loan brokers and pocketing tens of millions of won in return.
Due to this incident, NongHyup Bank experienced leaks of customer information for 21.97 million people in June 2012 and 22.35 million people in October 2012. KB Kookmin Card leaked information of 43.21 million people in February and June of the following year, and Lotte Card leaked information of 17.59 million people in December 2013.
The first trial court stated, "It is no exaggeration to say that the majority of South Korea's economically active population were victims in this case, which severely damaged social trust in the safety of the financial system," and recognized the violation of the Personal Information Protection Act as guilty, noting that the tangible and intangible social costs required to restore trust are enormous. However, regarding violations of the Information and Communications Network Act and the Credit Information Act, the court acquitted them, stating that although there was management responsibility for the contractor employee, punishment was difficult under the elements of the crime.
The second trial court said, "It is all recognized that the card companies failed to control UBS memory import/export, fulfill safety assurance obligations, and implement encryption measures," and "the sentence in the original trial corresponds to the upper limit of the legally prescribed punishment for the recognized crimes," dismissing both the defendants' and prosecutors' appeals.
Hot Picks Today
![About 100 Trillion Won at Stake... "Samsung Strike Is an Unprecedented Opportunity" as Prices Surge 20% [Taiwan Chip Column]](https://cwcontent.asiae.co.kr/asiaresize/93/2026051416263163580_1778743590.jpg)
About 100 Trillion Won at Stake... "Samsung Strike Is an Unprecedented Opportunity" as Prices Surge 20% [Taiwan Chip Column]
- "Heading for 2 Million Won": The Company the Securities Industry Says Not to Doubt [Weekend Money]
- "Envious of Korean Daily Life"...Foreign Tourists Line Up in Central Myeongdong from Early Morning [Reportage]
- "Anyone Who Visited the Room Salon, Come Forward"… Gangnam Police Station Launches Full Staff Investigation After New Scandal
- Did Samsung and SK hynix Rise Too Much?... Foreign Assets Grow Despite Selling [Weekend Money]
Although both the prosecutors and the card companies appealed, the Supreme Court finalized the ruling, stating, "There is no error in the lower court's legal judgment."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
