Shinhan Card Says Employees Leaked Data of 190,000 Merchants

South Korea’s reported on Tuesday a significant data breach involving more than of its partnered merchants, attributing the leak to employee misconduct rather than an external cyberattack. The company confirmed the incident didn't compromise sensitive financial data or the personal information of its general customer base.

What Was Compromised

According to , the leaked information includes the mobile phone numbers, names, and dates of birth of merchant representatives. The company was quick to reassure stakeholders that highly sensitive data—such as resident registration numbers, card numbers, or bank account information—was not exposed. The breach is confined strictly to merchant operator data.

An Inside Job Fueled by Performance Goals

The company stated the incident was linked to misconduct by employees aiming to boost their new card recruitment performance. At least employees from or more sales offices are believed to be involved. They allegedly provided the merchant data to card solicitors without proper marketing consent.

Response and Mitigation

Shinhan Card has reported the suspected breach to the country's Personal Information Protection Commission. The employees involved have been removed from their duties, and the company is considering filing criminal complaints. While no financial damage related to the leak has been identified so far, has pledged to actively compensate any victims should damages be reported.