Data Security: Alleged Cyberattack against South Korean Banks
The largest South Korean banking network suffered a three-day interruption caused, in its opinion, by a cyberattack: no cash withdrawal, card payment or lending was possible, and nearly 5.4 million cardholders could not access their account balances and history. The financial authorities are now carrying out an investigation to verify that the National Agriculture Cooperative Federation (Nonghyup) complied with the required security recommendations.
After several incidents, a large number of complaints have been filed and some customers now ask for financial compensation. This case reminds us of an earlier incident which also caused service interruption and allowed fraudsters to retrieve the data of 420,000 customers of Hyundai Capital.
Class action lawsuits will be filed against these two banks.
The banks are responsible for the restitution of the funds stolen from the customers due to these intrusions: in fact, they have to be vigilant and are responsible for the security of the data they store and process.
In France, Article L132-4 of the Code monétaire et financier specifies that the cardholder is not responsible for a fraudulent online or other remote payment made with his means of payment. Likewise, he cannot be deemed responsible if a copy of his card is used. If he gives notice that he disputes a payment, the corresponding amount is credited to his account by the card issuer.
Even when complaints have been filed against the fraudsters, these procedures seldom come to a conclusion and hardly anyone is ever arrested. These fraudsters can be located in other countries, subject to other laws, and can be very hard to trace. Implementing and complying with security recommendations helps avoid these risks. It is only natural that the systems of the banks involved be audited to identify potential vulnerabilities likely to have helped the fraudsters in their malicious enterprise.