BBC News reports that an IT employee of the Korea Credit Bureau (KCB) was recently arrested and charged with stealing personal data from customers of three South Korean credit card companies, copying the data onto a USB stick, and selling it to marketing companies (h/t Infosecurity).
Managers at the marketing companies that allegedly bought the data were also arrested.
At least 20 million credit card users' names, Social Security numbers and credit card numbers were exposed from card companies KB Kookmin Card, Lotte Card and NH Nonghyup Card. An official at Korea's Financial Services Commission told the BBC that the data was unencrypted and easy to steal.
As the BBC notes, 8.7 million KT customers' personal information was stolen in a similar incident in July of 2012, when the stolen data was also sold to marketing companies.