An unprecedented large-scale theft of customer data in South Korea has affected 20 million people, or about two-fifths of the country's entire population.

The data was lifted by a consultant working for a personal credit rating firm, Korea Credit Bureau, who accessed the user databases of three major credit card companies and sold the information to phone marketing companies.

The dimension [ko] of the confidential information stolen is truly terrifying: Not only basic information such as name, phone number and social security number were taken, but also critical data that could lead to serious abuses, such as credit card expiration date, annual income, residential status, credit limit, credit history and credit records. In some cases, as many as 21 kinds of personal information were stolen.

Right after the news broke, furious customers not only flocked [ko] to the card companies’ local stores, but shared via Twitter a very long list of their stolen personal data, followed by sarcastic comments and downright curses aimed at the firms and authorities:

이름 주민번호 카드번호 자택전화 자택주소 핸드폰 직장주소 직위 직장명 직장년소득 자가 전세 월세여부 비밀번호암호 질문 카드한도 타사카드정보 신용평점 결재계좌은행명 계좌번호 이런 유출인데 cvc 비번은 안털렸으니 걱정말라니 저 입을 찢으라 — 양선주 (@londongirl2008) January 20, 2014

Name, social security number, card number, home phone, home address, cell phone number, work address, work position, work place official name, residential status, password question, credit card limit, info of credit card by other firms, credit rating, bank account linked to the card… This kind of info was stolen. But still they say don't worry because at least the CVC (Card Verification Code) number was not stolen. I just want to punch them in the mouth.

@_2on_:성명 주민번호 휴대전화 자택전화 자택주소 직장정보 카드번호 유효기간 카드정보 결제정보 신용한도 연소득 이메일 직장번호 직장주소[…] 비번도 알려줘라

@_2on_: My name, social security number, cell phone number, home phone and address, work place info, card number, expiration data, card info, card payment info, credit limit, annual income, email, work number, work address have been stolen[…] Why don't you just give away my password as well?

Authorities try to assuage public anger by stressing that the breach has not yet lead [ko] to any real abuses, and several days later, released a package of counter measures [ko], which included more severe punishments placed on the affected firms (suspension of business and higher fines); limitations on financial firms from collecting unnecessary customer information and trading it to a third party; an extension of card customer service hours; and a five-year limit on storing previous customer data. The card companies vow to offer full compensation for the losses and reissue new cards upon request. Not many are satisfied.

신용카드 정보 유출 안된 사람 찾는게 쉬울 정도입니다. 카드 재발급이 가장 안전한 방법이라면 사용자의 요청이 있으면 재발급할게 아니라 카드사가 나서서 전면 재발급해줘야 합니다. — 이창호 (@changho15) January 19, 2014

They need to know that is is much easier now to find someone whose info has not been stolen. Reissuing credit cards upon quest? If that is the most effective way, then they should replace every customers’ cards, not just someone who requests it.

The most unpopular measure regulators announced was creating an additional step in the identification process, meaning more hassle for customers:

유출은 기업이 하고, 불편은 고객이 지라는 이상한 발상. RT @tebica: 개인 정보 유출 종합대책 발표 중 “카드번호 결제 시 추가 본인 확인 절차 도입” 때문에 벌벌벌 떨고있습니다 — 이인묵(LEE Inmook) (@redsox_cs) January 22, 2014

It is the companies who leaked the info, but it is the customers who have to bear with the inconvenience caused by the incident. What weird logic. RT @tebica: Authorities are now announcing comprehensive measures against the personal information breach and one of their measures, “adoption of one more identification step when making credit card transactions”, makes people shudder.

It is not the first data theft of a national scale, but is certainly one of the largest. Many called for more fundamental measures. Twitter user @leesns tweeted:

개인정보 유출 사건이 벌써 몇 번인가? 현행 주민번호 더 이상 개인 식별의 기능을 하지 못하고 범죄 악용될 알리바이를 만들어 주었다. 주민번호 제도 완전 폐지하든가 완전 다시 짜야 한다. 신용카드 전부 재발급하고 수집정보 거래 금지해야 한다. — 이창수(법인권사회연구소) (@leesns) January 20, 2014