SEOUL (Reuters) - Hackers stole the personal information of about 200,000 South Korean credit card users, using some to make fake cards and rack up fraudulent charges of about 120 million won ($115,400), an official of the country’s financial regulator said on Friday.
The Financial Supervisory Service (FSS) said in a statement several suspects had late last year hacked into a server of a firm managing card payment processing terminals, and extracted data such as numbers, expiry dates and passwords for a point-amassing loyalty card.
The suspects exploited the fact that some users had the same pin number or password for both credit cards and the loyalty card to create fake cards and charge items earlier this year, an official with direct knowledge of the investigation said.
South Korean police, who are leading the investigation, have so far identified 268 separate cases of wrongful charges, said the official, who declined to be identified as the probe is still underway.
The leaked information, including that of cards issued by the country’s biggest credit card firm, Shinhan Card, did not include the credit card pin number or password, the regulator said, adding that card companies would reimburse damages from card forgery due to the hacking.
News of the hacking follows the revelation in January of a theft of personal information from more than 100 million South Korean credit cards and accounts, the largest of a series of scams against financial firms in South Korea going back to 2011.
Reporting by Joyce Lee; Editing by Clarence Fernandez