The Financial Services Commission (FSC) in South Korea recently announced that it has imposed penalties on three domestic credit card companies for loss of data due to inadequate supervision and security measures. The three companies, KB Kookmin Co., Lotte Card Co., and the credit card division of NH Bank, must stop opening new accounts, extending credit through cash advances and loans, and participating in joint marketing initiatives with partners for a period of three months. The sanctions are effective immediately and are likely to hit the companies hard with millions of dollars in lost revenue, not to mention the cost of handling card withdrawals and replacements for over seven million accounts. Senior management personnel at the three companies have already resigned and are likely to face individual FSC penalties. The data loss appears to have occurred as a result of theft by an IT manager contracted by the companies using a simple USB device.
TIP: The severity of the penalties reflects the fact that the loss of data was so large and yet so easily achieved, indicating a fundamental lack of basic security measures and a lack of proper supervision. The message from the FSC is that companies operating in South Korea and subject to local laws must improve their practices, otherwise both companies and their management will be penalized.