According to PandaLabs, South Korean credit rating company Korea Credit Bureau (KCB) has fallen victim to a cyber-attack resulting in the theft of personal financial information from 105.8 million banking accounts. The stolen information includes , including credit card numbers, names, phone numbers, email addresses and even passport numbers.
Unlike the cyber-attack launched on US company Target Corp, this time the criminals didn’t use a particular strain of malware to steal the information, but a KCB employee copied this information over a period of 11 months with the intention of selling it later to the highest bidder. The fact that the information stored by the company was not properly encrypted adds to the severity of the data breach.
One of the most worrying aspects of this attack is the huge number of users affected. It is estimated that the average citizen in South Korea has an average of 5 credit cards, which means that at least 21 million users may have fallen victim to this attack, approximately 42 percent of the country’s total population.
The implementation of some basic measures such as encrypting data, restricting the information accessible to each employee or having security systems in place that detect unusual activities could have prevented this massive data theft.