FSS Urges Lending Sector to Strengthen Security After Series of Hacking Incidents

The Financial Supervisory Service (FSS) has summoned CEOs from the lending sector to urge them to strengthen security measures. This comes amid a recent spate of hacking incidents and customer data leaks at lending companies, prompting the FSS to emphasize the need for stringent action.

On May 13, the FSS held a meeting with CEOs from 20 lending companies, presided over by Kim Hyungwon, Deputy Governor in charge of public finance. The FSS pointed out that these companies had neglected their obligation to establish security measures as stipulated by the Credit Information Act, which led to the hacking incidents.

Recent hacking incidents in the lending sector occurred when employees accessed external internet sites using work computers, resulting in malware infections. Lending companies with weak access controls, such as inadequate firewalls, failed to block hackers' intrusions, leading to leaks of stored customer information.

After stealing customer information, hackers posted listings for sale on the dark web or used the threat of media exposure to extort the lending companies, demanding compensation. Additionally, there were further crimes attempted, such as sending phishing emails to customers in the name of the lending company, claiming that "your debt will be forgiven if you transfer coins."

The FSS identified the root cause of the incidents as weak security, such as the lack of intrusion prevention and detection systems to respond to hacking attempts. As entities subject to the Credit Information Act, lending companies are obligated to establish and implement security measures. The FSS stated, "The fundamental cause of the hacking incidents was the lack of awareness regarding the importance of information security, leading to relatively insufficient attention and investment in security infrastructure."

Deputy Governor Kim Hyungwon stressed the need for the sector to strengthen security levels to prevent further hacking incidents. To prevent malware infections, he instructed that internet access on work PCs be strictly restricted. In addition, for larger lending companies that undergo security assessments by specialized security firms, any vulnerabilities identified should be addressed immediately.

The FSS also urged compliance with the obligation to establish and implement security measures under the Credit Information Act. If personal credit information is leaked due to inadequate security measures, institutions and their employees could face fines of up to 5 billion won and administrative penalties of up to 50 million won.

The CEOs of the lending companies who attended the meeting agreed on the importance of information security and the need for stronger security measures. They stated that they would raise awareness of information security among their staff and improve security systems, thereby creating an environment where financial consumers can use lending services with confidence.