Eastern hackers use phishing-led APT to steal millions from banks
Eastern hackers use phishing-led APT to steal millions from banks

The Korean Financial Supervisory Service (FSS) released a statement over the weekend, which revealed that the compromised data includes customer names, social security numbers, credit card numbers and expiry dates. The leak is said to affect at least 20 million users in a country of around 50 million people.

The source of the leak is said to be an employee from personal credit rating firm Korea Credit Bureau (KCB). The person apparently stole the information from internal servers at credit card firms KB Kookmin Card, Lotte Card, and NH Nonghyup Card while working as a temporary consultant, and was selling the data onto phone marketing companies, but has now been arrested.

As a result, regulators have launched investigations into the security measures employed by the aforementioned credit card companies, who themselves have vowed to cover any financial loss suffered by their customers.

South Korea has been a hotbed of data breaches in recent times. Just last month, a Citibank Korea employee was arrested for stealing the personal data of 34,000 customers, while hackers stole data from 8.7 million customers at KT Corp, the nation's second largest mobile operator in 2012. Local social networking site Cyworld and games developer Nexon have also suffered major data breaches in years gone by.

This latest breach once again reinforces the growing threats from companies' own employees, a rising issue since the NSA leaks from former CIA contractor Edward Snowden.

“As with recent government super leaks this breach once against demonstrates the threat that a malicious internal employee poses to organisations, no matter how robust their internet facing security is,” Rob Cotton, CEO at NCC Group, told SCMagazineUK.com, who said that stopping “motivated malicious employees” is “nigh impossible”.

"Whilst in this case it was allegedly the employee themselves, it could have easily been malicious code abusing the employee's legitimate system access. A robust organisational security posture is a blend of staff vetting, technical countermeasures, separation of duty and monitoring for egregious abuse of access legitimate or otherwise. Only by taking this blended approach can organisations hope to detect and minimise the impact from such attacks."

“Data leaks by employees or trusted partners, whether accidental or intentional, are still one of the biggest risks facing companies,” Keith Bird, Check Point UK managing director told SCMagazineUK.com.

“In 2013, our DLP survey found that 52 percent of knowledge workers regularly risk accidental breaches with unsafe computing practices, such sending emails to wrong addresses, or using unencrypted USB sticks. 

“So if a trusted person chooses to harvest and leak a large amount of data, the damage can be severe, in terms of remediation costs, fines from regulators and loss of reputation.  Trust is a precious commodity, and it's all too easily exploited.”