Although a branch employee at Shinhan Card siphoned off 192,088 pieces of merchant owners' personal information for more than three years starting in March 2022, Shinhan Card did not grasp the facts at all until an anonymous tipster reported it. The card industry also points out that granting branch employees the authority to view merchant owners' personal information was a problem.
According to Shinhan Card on the 24th, 12 manager-level employees at Shinhan Card accessed the internal system from March 2022 to May this year, photographed merchant owners' personal information with their mobile phones, handed it to card solicitors, and directed sales. The personal information leaked in this way totals 192,088 items, including merchant owners' mobile phone numbers and names, gender, and dates of birth.
In April last year, there was a case at Woori Card in which merchant owners' phone numbers and other data were leaked. Woori Card employees also handed merchant owners' personal information to card solicitors and directed sales. Woori Card recognized the leak through its internal control system, and the Personal Information Protection Commission (PIPC) imposed a penalty surcharge of 13.451 billion won on Woori Card in March.
Other card companies do not grant employees the authority to view personal information as a privacy protection measure. In particular, merchant owners' mobile phone numbers are strictly managed because solicitors are highly likely to try to access and extract them to boost sales performance. Even card companies that allow employees access only let them confirm merchant owners' names and addresses.
An official at a card company said, "Merchant owners' mobile phone numbers are information that must be managed sensitively because solicitors often share them among themselves," and added, "Some card companies do not even build search or information verification systems."
Shinhan Card explained that it allowed some employees access because merchant owners' mobile phone numbers are sometimes needed for work. A Shinhan Card official said, "There are cases where complaints arise at merchants or where joint marketing is conducted. There is no problem with looking them up and using them for legitimate purposes. It became a problem because they were used for other purposes."