Twelve manager-level employees at Shinhan Card accessed internal systems for more than three years from Mar. 2022 to May this year, stole merchants' representatives' personal information, and passed it to card solicitors to direct sales, the company said. Shinhan Card has not determined how far the stolen personal information has spread.
Shinhan Card said on the 23rd that 192,088 items of personal information, including mobile phone numbers, names, dates of birth, and gender, of its merchants' representatives were leaked. The leaked personal information consisted of ▲181,585 mobile phone numbers ▲8,120 mobile phone numbers + names ▲2,310 mobile phone numbers + names + dates of birth + gender ▲73 mobile phone numbers + names + dates of birth.
The 12 Shinhan Card employees are found to have accessed the system storing merchant information for more than three years and extracted merchants' representatives' personal information through various methods such as memos, photos, and captures. They sent the stored personal information to solicitors via messengers such as KakaoTalk and directed sales. They called merchant representatives to recommend signing up for cards. Pharmacies and restaurants must register as merchants to accept card payments.
Some of the solicitors who received the personal information were reportedly not affiliated with Shinhan Card. A Shinhan Card official said, "There is a possibility that card solicitors not affiliated with Shinhan Card received personal information. It is not possible to identify who received how much information."
The personal information leak came to light when an anonymous tipster reported to the Personal Information Protection Commission (PIPC), saying they had evidence that merchants' representatives' personal information at Shinhan Card had been leaked. In response to the PIPC's request to substantiate the tip, Shinhan Card reviewed 280,000 merchant records starting on the 13th of last month and confirmed the leak on the 5th. Shinhan Card said it announced the leak on this day because it took time to accurately determine the types and scale of the leaked personal information.
Shinhan Card said, "We sincerely apologize for the concern caused by this incident. We will do our utmost to protect customers and prevent similar cases from recurring."