The news from South Korea is unsettling. An employee of South Korea's largest credit card company has reportedly leaked personal information belonging to over 192,000 customers. The information was leaked by an employee, not hackers, and this has resulted in major concern for many consumers, myself included.
How Did This Happen?
In conducting an internal investigation, the credit card company found that an employee accessed customer data that he or she was not authorized to view and abused their access privileges. The following types of data were accessed:- Names
- Credit card numbers
- Account information
Why Insider Breaches Are Serious
In this case we look at these three issues:- Risks do not only come from hackers, there are other sources of risks
- The access provided to staff must have strong restrictions
- Companies must monitor the activities of all internal employees closely
What Action Did The Company Take?
The card company terminated the employee involved, notified regulatory authorities, commenced to correct the weaknesses of its internal controls. They started to contact customers that were impacted by the breach. Although these actions help to resolve the issue, it would have been preferable for the company to have stopped this problem prior to it occurring!What Should We Do If We Are Affected By Data Breaches?
If you experience a data breach, then you should:- Review your monthly credit card statement often
- Report any unauthorized charges within the first 24 hours after you become aware of them
- Be cautious regarding telephone calls or other forms of communication related to the incident