Woori Bank customer data for 17,551 people leaked due to subcontractor error
Translated from Korean, summarized and contextualized by DistantNews.
At a glance
- Woori Bank reported a data breach affecting 17,551 customers, with personal information leaked due to an employee's negligence at a subcontractor.
- The leak occurred nearly nine months ago during a project for an NFT platform, but the bank only became aware of it recently.
- The compromised data includes customer nicknames and unique identifiers (CI), though the bank stated nicknames are self-inputted and unrelated to login credentials.
Woori Bank has disclosed a significant data breach impacting the personal information of 17,551 customers. The incident, attributed to the negligence of an employee at an external development company, occurred nearly nine months prior to its discovery by the bank.
Woori Bank announced on this day through a notice to customers that personal information of 17,551 cases, which were stored arbitrarily by an external developer who carried out the NFT platform construction project, was leaked last September due to the mistake of an employee of the company.
The leak happened during a project to build an NFT platform. The subcontractor, responsible for handling customer data, improperly stored and subsequently leaked 17,551 records. Woori Bank became aware of the breach on June 30 and immediately took steps to block access to the compromised information through the development company.
The exposed data includes customer nicknames and their unique identifiers (CI). Woori Bank clarified that customer nicknames are self-assigned for service personalization and are not linked to essential login information like user IDs or account details. The development company has reported the incident to the Personal Information Protection Commission and announced it on its website.
The leaked information includes two items: the customer's user nickname and linked information (CI). Woori Bank explained that the user nickname is an alias arbitrarily entered to express oneself within the service and is unrelated to membership ID or login account information.
Woori Bank stated its intention to provide further guidance to customers to minimize potential harm and protect their rights. The bank is currently assessing the extent of the data leak and its potential impact on affected individuals.
Woori Bank stated that it took measures to block access to the relevant information through the development company immediately after recognizing the leak on the 30th of last month.
Originally published by Dong-A Ilbo in Korean. Translated, summarized, and contextualized by our editorial team with added local perspective. Read our editorial standards.