South Korea’s Supreme Court affirmed a lower court’s verdict to fine Kookmin Card, Lotte Card, and NongHyup Card between 10 million and 15 million won each for mishandling customer data.
The companies were found violating the Personal Information Protection Act by allowing subcontractors free access to customers’ information from 2012 to 2013.
NongHyup Card and Kookmin Card were each responsible for over 40 million customer data breaches in 2012, while Lotte Card had nearly 20 million data leaked in 2013.
The leaked data includes customers’ names, credit card numbers, phone numbers, and identification numbers.
Subcontractors, who illegally accessed the companies’ systems, sold the stolen data to loan brokers.
At the first trial in 2016, the Seoul Central District Court imposed the highest penalty on the companies.
The credit card companies' appeal was dismissed by the appellate court in March this year.
A fine of 10 million won is imposed on companies that mismanage personal data. The fine can go up to 15 million won if the breach is repeated.