Shinhan Card, South Korea’s largest credit card issuer, said on December 23 that personal data linked to about 190,000 merchant representatives was improperly accessed and shared by employees over a three year period, highlighting ongoing concerns around internal data controls in the country’s financial sector.
The company said roughly 192,000 records were leaked between March 2022 and May 2025. The exposed information included names, mobile phone numbers, dates of birth and gender details of franchise owners.
Shinhan Card said no resident registration numbers, card details or bank account information were involved and that the incident did not affect general customers.
According to the company, the breach was uncovered after a whistleblower submitted evidence to South Korea’s Personal Information Protection Commission, prompting an investigation.
Shinhan Card began an internal review after receiving a request for information from the regulator in mid November.
Investigators found that 12 employees across regional branches in the Chungcheong and Jeolla areas had taken screenshots or photos of merchant data and shared them via mobile messaging apps with external sales agents.
The information was allegedly used to solicit new card applications from recently registered merchants, including restaurants and pharmacies.
Shinhan Card said verifying the scale o
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: