 |
Photo courtesy of Yonhap News |
[Alpha Biz= Kim Jisun] Shinhan Card, South Korea’s largest credit card issuer, has reported a personal data breach affecting an estimated 190,000 merchant representatives to the Personal Information Protection Commission (PIPC).
In a statement posted on the company’s website on Dec. 23, CEO Park Chang-hoon apologized, explaining that the leaked data primarily consisted of mobile phone numbers belonging to approximately 192,000 merchant representatives. In some cases, additional information such as name, date of birth, and gender was also included.
According to Shinhan Card, the leaked data comprise 181,585 cases of mobile phone numbers only; 8,120 cases of phone numbers with names; 2,310 cases including phone number, name, birth year, and gender; and 73 cases including phone number, name, and full date of birth—totaling 192,088 records.
The company said the incident was not caused by external hacking but by misconduct by an internal employee who improperly used the data for new card recruitment purposes. Shinhan Card emphasized that there is no indication the leaked information was further disseminated.
The firm added that no resident registration numbers, card numbers, account numbers, or other sensitive financial information were compromised, and that the breach does not involve ordinary customer data beyond merchant representatives.
The incident came to light after a whistleblower reported evidence of the data leak to the PIPC. The regulator requested materials from Shinhan Card on Nov. 12, and the company began an internal investigation the following day by cross-checking submitted evidence with internal records.
Shinhan Card has publicly disclosed the findings to date, issued an apology, and is individually notifying affected merchant representatives. It has also set up a dedicated webpage allowing individuals to check whether their information was included in the leak.
Alphabiz Reporter Kim Jisun(stockmk2020@alphabiz.co.kr)
