The sensitive personal information of more than 15 million customers of KB Kookmin, NH Nonghyup and Lotte credit card were exposed in Korea's biggest data leak to date.
Financial authorities put the minimum number of victims at 15 million when excluding customers who have since died, corporate card holders and overlapping identities.
The leak exposed not only their mobile, home and office phone numbers but information such as home and work addresses, bank accounts, passport numbers and other personal details.
On Jan. 8, the Financial Supervisory Service said analysis of the data that was leaked showed "all information related to a customer's credit status" was exposed. Over the weekend it confirmed that much more than that has been compromised.
Fortunately, passwords and CVC codes -- the three-digit number on back of credit cards -- did not leak out, the investigation revealed.
But just the card number and expiry date are enough to buy products on home-shopping networks and to order pizza by phone, authorities warned.
They also warn against spam and voice phishing calls using the information.
The FSS said the culprit, who has been arrested, did not sell the leaked information to criminal organizations, but customers are still nervous.
The leaked information also includes 1.27 million files from Kookmin Bank and NH Bank, as well as Shinhan, Hana and Woori Banks and other small banks, revealing the gaping hole in the security systems of financial institutions.