At Shinhan Card, the No. 1 player in the credit card industry, personal information including 192,088 mobile phone numbers, names, dates of birth, and gender was leaked. The leaked information was the information of franchise (merchant) representatives, and a Shinhan Card employee siphoned it off to recruit new cardholders. Shinhan Card said resident registration numbers, card numbers, and account numbers were not leaked.
According to Shinhan Card on Dec. 23, the leaked personal information totaled 192,088 items: 181,585 mobile phone numbers; 8,120 mobile phone numbers and names; 2,310 mobile phone numbers, names, dates of birth, and gender; and 73 mobile phone numbers, names, and dates of birth.
Shinhan Card said, "As it was found to be the misconduct of an internal employee for new card recruitment, it is assessed that there is no concern that the leaked information will spread further elsewhere. The leaked personal information is unrelated to general customer information."
The Shinhan Card employee who leaked the information is said to have passed the merchant representative information to 12 people, including card recruiters, for card sales. The card recruiters used the illegally obtained information to solicit and issue credit cards.
The personal data leak came to light when a tipster reported to the Personal Information Protection Commission, saying they had evidence that some personal information of Shinhan Card merchant representatives had been leaked. The tipster filed the report on Nov. 12, and, at the request of the Personal Information Protection Commission, Shinhan Card checked merchant information starting on the 13th of last month and identified the leak on the 5th.
Shinhan Card said, "We express our deepest apologies for the concern caused by this incident. We will do our utmost to protect customers and prevent similar cases from recurring."