About 17,000 items of customers' personal information at Woori Bank were leaked through an outside developer.

Woori Bank said in a customer notice on the 3rd that "17,551 items of personal information that an outside developer had been keeping without authorization were leaked due to the negligence of an employee at that firm."

Woori Bank headquarters in Jung-gu, Seoul/Courtesy of Woori Bank

According to the bank, the leaked personal information is the connecting information (CI), which is encrypted data used to identify individuals online, and customers' nicknames. It was confirmed that member IDs, login account information, passwords, and financial transaction information were not leaked.

Woori Bank shared information with an outside developer in the course of carrying out a non-fungible token (NFT) platform build project in Sep. 2024. The project later ended, but an employee at the firm kept the information without authorization and shared it on a developer platform, causing it to be leaked externally.

Woori Bank even received a confirmation letter from the outside developer that customer information had been destroyed, but that was not true.

Woori Bank said, "Upon recognizing the leak on the 30th, we immediately blocked access to the related information through the developer, reported it to the Personal Information Protection Commission, and posted a notice on our website." The bank added, "So far, we have found no cases of the leaked information spreading or being misused online or offline. Also, connecting information is a value used to identify individuals online, and unless combined with other data, the leaked information alone cannot identify a specific individual."

Woori Bank urged affected customers to be especially cautious about answering calls from unknown numbers and clicking URL links in text messages to prevent possible damage from voice phishing or smishing. The bank also said it has applied a separate abnormal financial transaction detection system (FDS) to head off potential incidents.

Woori Bank said, "We will use this incident as an opportunity to conduct a full review of how developers manage personal information and take corrective action where needed," adding, "If this leak causes damage to customers, we will verify it as quickly as possible and provide compensation."

※ This article has been translated by AI. Share your feedback here.