Police in South Korea say they are currently investigating a data breach at credit card firm Samsung Card after a company employee allegedly leaked the personal data of hundreds of thousands of customers.
According to a recent Reuters report, the Seoul Metropolitan Police Agency raided Samsung Card's headquarters in Seoul on September 8 in search of evidence pertaining to the case.
South Korean news provider Yonhap News reported that Samsung Card had asked police to conduct the investigation when it discovered that an employee may have leaked the information. Samsung Card said the extent of the damage is unknown, though Reuters estimated that the employee sold personal information of 800,000 customers to illegal spam providers.
"We detected a security breach in July and found out one of our staff was involved in the incident. We filed a complaint against him," a Samsung Card official said, according to Yonhap. "He refused to comment, so it's been hard to check exactly how many customers were harmed."
Samsung Card's incident marks the third major data breach in South Korea in recent months, with prior data security failures suffered by Internet service provider SK Communications in July and commercial bank Nonghyup in April. These incidents have sparked fear in the minds of many South Korean consumers, who worry that lax cybersecurity practices may be putting their sensitive information in jeopardy.
The incident is also likely to stir concerns among businesses about internal data breaches. According to a study by Verizon, 17 percent of all data breaches in 2010 were carried about by internal agents.
According to Reuters, these recent attacks have spurred the South Korean government to create a "cybersecurity master plan" for businesses and government organizations. However, there are a number of steps a company itself can take to avoid such threats. One of the measure measures is implementing a security policy that establishes rules on physical equipment, such as memory sticks and mobile devices. Additionally, a company may benefit from utilizing data protection technology, such as encryption and password protection.
While no method can guarantee a breach won't occur, a sound approach to data security can be extremely effective for mitigating most risks. Companies that employ strict data security policies and practices are generally better prepared to deal with cyber threats than those that treat data protection as an afterthought.