NORMAN — Remember the great Target Stores credit card hack of 2013? 110 million Target customers, including myself, had their credit card information put at risk and/or stolen last November and December because of Target’s crummy Internet security practices.
In typical American fashion, nobody lost their job or even got yelled at because of this massive act of negligence, which resulted in the largest theft of credit card information in world history. Sure, there were some hearings on Capitol Hill back in early February, but not much happened, outside of Target bigshot John Mulligan saying he was “deeply sorry.”
Contrast that with how things are handled in South Korea. In January, news came out that an IT employee of the Korea Credit Bureau had been arrested for stealing account information from the customers of three South Korean credit card companies and selling it to marketing companies.
The managers of those marketing companies were also arrested. Over 20 million customers, 40 percent of the entire population, were affected.
Seems the credit card companies had been storing the account information in an unencrypted database, an act of criminal negligence in the payment card industry. As such, the thief simply copied it all to a USB flash drive and easily sold it to his accomplices.
The fallout from this was swift and decisive. Gov. Choi Soo-hyun, chief regulator of South Korea's Financial Supervisory Service, promised stern punishment of the responsible parties. “We will hold them fully responsible for the data leak if their sharing of client data among affiliates and lax internal control turn out to be the cause,” he said. Last week, regulators also banned the three credit card companies from adding new customers or offering new services or products for the next three months.
The reaction from the South Korean credit card companies was stunning. There was no beating around the bush, no evasive answers at mealy-mouthed Congressional hearings, no covering up and dodging the issue, no making excuses about how they had been out-smarted by genius super-hackers, no running away from responsibility. The three credit card firms said they would fully cover any financial losses suffered by their customers from scams linked to the data leak.