jasdooit

It has come to light that the personal details of around 190,000 people were exposed from Shinhan Card. The data leaked included self-employed individuals who are merchants with Shinhan Card, with their names and mobile phone numbers being part of the information that was compromised.

On the 23rd, Shinhan Card stated that it discovered a breach involving merchants’ personal data and notified the Personal Information Protection Commission (PIPC). It is said that the leak happened when an employee from one of its sales branches shared the merchants’ personal information with a card recruiter.

Usually, self-employed people enter into merchant agreements with each credit card company when setting up card terminals, during which their personal details, such as names and mobile numbers, are shared with the credit card companies. Shinhan Card stated that an employee at its sales office had, over a span of three years and two months from March 2022 to May of this year, accessed the personal information of merchants who had recently signed contracts and provided it to card recruiters. The reason was reportedly to boost performance by turning merchants into new cardholders.

As per Shinhan Card, the exposed data comprised the business names and addresses of 192,088 merchant locations, alongside the personal mobile phone numbers, names, birth dates, and genders of the merchants’ representatives. In most instances, 181,585 cases, only mobile phone numbers were disclosed. There were 8,120 cases where both mobile phone numbers and names were exposed. Furthermore, 2,310 cases involved the leakage of mobile phone numbers, names, birth dates, and genders, while 73 cases concerned the exposure of mobile phone numbers, names, and birth dates.

Nevertheless, Shinhan Card mentioned that confidential personal details, including merchants’ resident registration numbers, along with financial data such as card and account numbers, were not exposed. It further noted that the personal information of regular customers, apart from merchants, remained secure.

An inquiry regarding this data breach started following a report filed with the PIPC, which claimed that the personal details of Shinhan Card merchants had been disclosed. On the 12th of last month, the PIPC asked Shinhan Card for related documents, leading the company to carry out an internal review during the subsequent month.

Shinhan Card has issued a statement regarding the personal data breach and offered an apology on its official website, while also setting up a platform for merchants to verify if their details were exposed. A representative from Shinhan Card mentioned, “Although no harm caused by the leaked information has been verified yet, the company intends to offer compensation proactively if any damages arise.”