The financial authorities will launch an on-site inspection in connection with Shinhan Card's large-scale data leak. The financial authorities plan to take swift action under relevant laws if the inspection finds additional leaks of personal credit information.

The Financial Services Commission and the Financial Supervisory Service held an emergency countermeasure meeting on the 24th at Government Complex Seoul regarding Shinhan Card's apology for the data leak and decided on this response plan.

Shinhan Card headquarters in Euljiro, Jung District, Seoul./Courtesy of News1

At the meeting, the financial authorities identified the status and circumstances of the leak and discussed inspections and response directions regarding the possibility of personal credit information leakage.

According to the financial authorities, on the previous day Shinhan Card said that from March 2022 to on May, more than 192,000 pieces of personal information, including merchants' mobile phone numbers and business registration numbers, were leaked. It was the work of internal employees seeking to boost new card recruitment performance. The company's own inspection found that sensitive credit information such as account numbers or passwords was not included in the leaked data.

The Financial Supervisory Service (FSS) decided to immediately begin an on-site inspection at Shinhan Card to closely examine the possibility of additional leaks of personal credit information and the internal control systems related to information protection.

An official at the financial authorities said, "If additional leaks of personal credit information such as account numbers are identified, we plan to take swift measures in accordance with relevant laws, including the Credit Information Act."

The financial authorities also ordered effective protective measures to prevent secondary damage to merchants, such as voice phishing, using the leaked information. They will also review the entire card industry to see whether there have been similar information leak cases related to card recruitment. If necessary, they will switch to inspections. They strongly requested that the card industry conduct thorough internal checks, including employee information protection training and strengthened internal controls, to prevent similar cases from recurring. The financial authorities warned that they will conduct a comprehensive review of internal information protection systems not only in the card industry but across the entire financial sector and will hold parties strictly accountable if shortcomings are found.

※ This article has been translated by AI. Share your feedback here.