Go to contents

Hackers stole personal data via POS terminals

Posted April. 12, 2014 05:19,   


As servers for transaction settlement at coffee shops and convenient stores that offer credit card-based payment service have been hacked, membership information on more than 200,000 subscribers, including those to Shinhan Card, No. 1 player in the domestic card industry, has been leaked. When more than 100 million cases of customer information were leaked from KB Card, NH Nonghyup Card, and Lotte Card early this year, some already raised concern that information could also be leaked via terminals at stores offering credit-card payment service.

The Finance Supervisory Service said on Friday that customer information of more than 200,000 credit cards has been stolen due to a hacking incident involving a company managing point of sale (POS) terminals, which was recently detected by the National Police Agency. Credit card information that has been leaked through the hacking involved 35,000 cards issued by Shinhan Card and 30,000 each by Kookmin Card and Nonghyup Card. Among the provincial banks, information of some 17,000 credit cards issued by Gwangju Bank has been hacked. Information of thousands of cards issued by Industrial Bank of Korea and Citibank Korea has also been leaked.

According to financial regulatory authorities and the police, hackers stole credit card numbers, expiry dates, and passwords for mileage points by hacking servers of the firm in charge of managing POSs at stores subscribing to credit card-based payment service. By so doing, the hackers learned credit card passwords, and illegally withdrew cash from customers’ accounts. Police have so far detected illegal withdrawals amounting to a total of 120 million won (115,800 U.S. dollars) in 268 cases. A source at the Financial Supervisory Service said, “Credit card companies involved, including Shinhan Card, are currently advising their clients who had their information leaked to have their cards reissued,” adding, “Card firms are compensating the entire losses to the subscribers.”

Financial regulators have decided to replace POS terminals installed at 650,000 small businesses subscribing to credit card service with terminals designed for integrated circuit (IC) cards with advanced security by next year. Compensation for the hacking will be funded by the credit card industry, which raised 100 billion won (97 million dollars).