Pierluigi Paganini February 11, 2020

Unauthorized use of customer information by Woori Bank, ‘crime act’ for customers. The bank changed 23,000 passwords in 2018 without consent.

It is controversial that Woori Bank changed the passwords of 23,000 customer dormant accounts without consent in July 2018.

The accounts are deactivated if there is no transaction for one year after their opening. However, some branch employees of Woori Bank modified the passwords and as a result of the operation, the accounts have been reactivated.

This incident has been a major controversy since the media reported, and Woori Bank found that employees’ random passwords were discovered in their audits and reported to the Financial Supervisory Service (FSS), stressing that the operation was conducted by some employees and not by organized criminal gangs.

In this regard, the FSS said, “At the time of (2018), Woori Bank prepared a countermeasure against recurrence and confirmed that there were no similar cases in the whole banking sector. “We didn’t take any action or cover it up for more than a year.”The FSS added, “We are aware of the materiality of the matter and will proceed promptly to take necessary measures such as customer guidance.”

The incident represents a privacy infringement for customers that did not know about the changes. The FSS has yet to give an explanation as to why it has not communicated to the victims. Article 71 (Penalty) of the Personal Information Protection Act states that a person who impairs, loses, alters, falsifies, or leaks another person’s personal information without proper authority is subject to imprisonment of not more than five years or fined not more than 50 million won.

Woori Bank employees involved in the case activated their dormant accounts by granting temporary passwords to their dormant customers’ accounts, and I think we should follow the FSS’s investigations in the future.

On the other hand, an official of Woori Bank, who met with the SecuN magazine, said, “I think it’s because we are a branch.
Indeed, performance pressures on employees in banks have been controversial. However, no amount of performance pressure can justify such criminal activity.”

In the era of the Fourth Industrial Revolution, when the importance of personal information protection is emphasized worldwide, the irresponsible behavior of banks that handle sensitive personal information and the unresponsive response of related ministries are the individual are worrisome.

This is a trend that shows how low the awareness of information security is.

About the author: 최형주 Hyung-Joo, Choi  Editor

The original post is available on the Secun website:

http://www.cctvnews.co.kr/news/articleView.html?idxno=160196

Pierluigi Paganini

(SecurityAffairs – Woori Bank, banking)

[adrotate banner=”5″]

[adrotate banner=”13″]