Shinhan Card headquarters in Seoul/ Courtesy of Shinhan CardSEOUL, December 23 (AJP) - Shinhan Card said on Tuesday information on about 190,000 merchants, including store owners’ mobile phone numbers, was leaked in an incident caused by an employee rather than a cyberattack.
According to financial industry sources, Shinhan Card confirmed the data leak through an internal investigation and reported the case to the country's Personal Information Protection Commission (PIPC).
The company said the incident was not the result of hacking or an external system breach, but involved an employee.
Most of the leaked information consisted of mobile phone numbers belonging to merchants, Shinhan Card said. Cases in which a phone number, name and date of birth were exposed together were limited.
The company said it has so far found no evidence that the employee sold the data or committed additional crimes, adding that the information appears to have been used to boost sales performance.
Shinhan Card said it launched an internal probe after the privacy watchdog contacted the company last month. Following about three weeks of data analysis, the company concluded that between March 2022 and May this year, an employee leaked information on roughly 190,000 merchants, including business registration numbers, store names and merchant-owner mobile phone numbers.
Shinhan Card has posted an apology and notice on its website and will allow merchants to check whether their information was affected. The company also plans to notify affected merchants individually.
A Shinhan Card official said further investigation is under way to determine whether the incident involved improper use of personal information beyond its intended purpose. The official said the company will move swiftly to provide compensation and other remedial measures if customer harm is confirmed.
Copyright ⓒ Aju Press All rights reserved.
