The Financial Supervisory Service has punished credit finance lender IBK Capital for leaking private information of its customers, FSS officials said Tuesday.
The state financial regulator said it issued a 6 million won ($5,500) fine and individual cautions to two executives and three employees of the capital firm.
The five are held responsible for exposing names and contact numbers of some 5,700 customers without consent in 2012, the FSS said. About 700 of these customers had their credit rating information stolen as well.
The FSS also issued an institutional warning to the company. Receiving three institutional cautions in one year results in an institutional warning, which is a higher level of penalty.
While recent financial security leaks revolve much around hacking of financial institutions’ database, the traditional method ― insiders leaking and appropriating customer information ― is still dominant, security experts said.
“More than half of the leaks in customers’ private information are in fact done by insiders,”- an engineer of the nation’s top-notch information technology security firm said, under the condition of anonymity.
Aside from secondary lending institutions like IBK Capital, the country’s top-ranked banks have faced public allegations of appropriating customers’ private information ― including the certificate of information usage authorization and the private information of borrowers’ families ― for business purposes.
Nikolay Fedotov, Senior InfoWatch analyst comments: «As we can see, the penalty is quite small, for $1 for the victim, even given a number of compromised records and the nature of the company.
I think the much more important role is played by public notification of the violation and the punishment. Intentional and legal damage to business reputation of someone who leaked data, must have a much greater effect than just a penalty. The more competitive market in the country and the industry, the more effective is the "official warning" compared with the penalty.
It is necessary to focus on the money sanctions for countries and industries with no competition».
