DistantNews
Support us
๐Ÿ‡ฐ๐Ÿ‡ท South Korea /Crime & Justice

Woori Bank customer data leaked; bank says no immediate misuse risk

From Hankyoreh · () Korean

Translated from Korean, summarized and contextualized by DistantNews.

At a glance

News Named sources Outcome reported
  • Woori Bank reported that approximately 17,551 customer personal information records were leaked due to an employee's negligence at an external development company handling its NFT platform.
  • The leaked data includes linkage information (CI) and customer nicknames, but not sensitive details like phone numbers or resident registration numbers, and Woori Bank believes it cannot be used for criminal purposes in its current form.
  • The bank has blocked access to the leaked information, reported the incident to the Personal Information Protection Committee, and is notifying affected customers to exercise caution against potential phishing or smishing attacks.

Woori Bank has confirmed a personal information leak affecting around 17,551 customers. The incident occurred at a small external development company tasked with building the bank's non-fungible token (NFT) platform. An employee's error led to the exposure of customer data that the company had been storing.

The compromised data includes linkage information (CI), which is an encrypted identifier used for online identification, and customer nicknames. Crucially, sensitive information such as phone numbers, resident registration numbers, and addresses were not affected. Woori Bank stated that the leaked CI, a seven-digit number generated from resident registration numbers, is encrypted and cannot be used to identify individuals or be traced back on its own. Similarly, the leaked nicknames are arbitrary aliases and do not include login credentials.

Woori Bank became aware of the breach on the evening of June 30. The bank immediately took steps to block access to the compromised information through the development company. The incident has been reported to the Personal Information Protection Committee, and a public notice has been posted on the bank's website. While the bank assesses that the leaked information has not yet been spread or misused online, it acknowledges a potential risk if the CI data has been combined with other personal information already leaked from different sources.

Customers whose information was leaked are being individually notified. Woori Bank is advising them to be cautious of suspicious phone calls and text messages, and to avoid clicking on links from unknown sources to prevent potential voice phishing or smishing attacks. The bank has pledged to investigate and compensate customers promptly if any damages arise from this incident.

DistantNews Editorial

Originally published by Hankyoreh in Korean. Translated, summarized, and contextualized by our editorial team with added local perspective. Read our editorial standards.