20 January 2014

Data on twenty million South Koreans stolen


The BBC has an article about yet another hacking:
Credit card details from almost half of all South Koreans have been stolen and sold to marketing firms. The data was stolen by a computer contractor working for a company called the Korea Credit Bureau that produces credit scores.
The names, social security numbers, and credit card details of twenty million South Koreans were copied by the IT worker.
The scale of the theft became apparent after the contractor at the center of the breach was arrested. Managers at the marketing firms which allegedly bought the data were also arrested.
Early reports suggest that the contractor got hold of the giant trove of data thanks to the access Korea Credit Bureau enjoys to databases run by three big South Korean credit card firms. The contractor stole the data by copying it to a USB stick.
Regulators are now looking into security measures at the three firms (KB Kookmin Card, Lotte Card, and NH Nonghyup Card) to ensure data stays safe. A task force has been set up to investigate the impact of the theft.
The three bosses of the credit card firms involved made a public apology for the breach.
In a statement, the Financial Services Commission, Korea's national financial regulator, said: "The credit card firms will cover any financial losses caused to their customers due to the latest accident." Another official at the FSC said the data was easy to steal because it was unencrypted and the credit card firms did not know it had been copied until investigators told them about the theft.
This theft of consumer data is just the latest to hit South Korea. In 2012, two hackers were arrested for getting hold of the details of 8.7 million subscribers to KT Mobile. Also, in 2011, details of more than 35 million accounts of South Korean social network Cyworld were exposed in an attack.
Rico says the NSA would do well to find out who these guys are and smash them. (And, no, those card company managers are not, alas, presenting their necks for well-deserved beheadings...)

In a related story, it seems that some guys did get caught:
Two men suspected of illegally accessing details of 8.7 million users of South Korea's largest fixed-line phone operator, KT Corp, have been arrested. The company says hackers stole subscribers' names, phone and personal identification numbers, and then sold the data to telemarketers. The hackers made an estimated billion won ($877,000) from the sale.
An illegally installed computer program had collected subscribers' information over several months, KT Corp said. "It took nearly seven months to develop the hacking program and the suspects had very sophisticated hacking skills," the company told the Yonhap News agency.
The company apologised to its subscribers, promising to "strengthen the internal security system and raise awareness of security among all employees to prevent causing inconvenience to customers," Yonhap News quoted KT as saying.
In July of 2011, South Korea said it had traced the theft of data from 35 million accounts from the Cyworld website and the Nate web portal, both run by SK Communications, to computer IP addresses based in China.
In April of 2011, hackers targeted a government-backed bank in South Korea. And in May of the same year, data on more than 1.8 million customers was stolen from South Korean consumer finance company Hyundai Capital.
In November of 2011, one of South Korea's main games developers, Nexon, was hacked, with personal details of thirteen million users of its MapleStory online game stolen.
Government ministries, the National Assembly, the country's military headquarters, and networks of US forces based in South Korea were also hit by hackers in 2011.
And, no surprise, the North was behind another hack:
Prosecutors in South Korea say North Korean hackers were behind an attack that paralysed a leading bank last month. Banking operations at Nonghyup, a South Korean farm co-operative, were halted by the cyber intrusion, leaving customers unable to access their money. The Seoul prosecutors' office called it "unprecedented cyber-terror deliberately planned" by North Korea. It said the software used matched that used in earlier attacks by Pyongyang.
Prosecutors said that a laptop used by a subcontractor "became in September of 2010 a zombie PC operated by the North, which... later remotely staged the attack through the laptop".
One of the Internet Protocol (IP) addresses used to break into Nonghyup's system was the same as one used in March of 2013 for a distributed denial-of-service (DDoS) attack that originated in North Korea, they added.
The software used in the incident was also similar to that employed in July of 2009, when a number of South Korean government websites were attacked, the prosecutors said.
The latest attack caused a three-day service outage at the bank, also called the National Agricultural Co-operative Federation, and caused the records of some credit card customers to be deleted.
South Korean media outlets have in the past accused North Korea of running an internet warfare unit aimed at hacking into US and South Korean government and financial networks.
The two Koreas technically remain at war following the 1950-53 Korean War, and tensions have been high in recent months in the wake of two deadly incidents.
South Korea blames North Korea for sinking its Cheonan warship in March of 2010, with the loss of 46 lives, although North Korea denied any role in the incident. Four South Koreans were also killed when North Korean troops shelled a border island in November of 2010.
Rico says that, given the precarious position of North Korea, it oughta be easy to take down their ability to communicate with the outside world, even if it means shutting down China, too. (And they've been doing their own hacking of late, so they deserve it...)
