Security researchers discovered that hackers have compromised more than one million payment card records and posted for sale on the Dark Web since May 29, 2019. A recent report, from cybersecurity firm Gemini Advisory, revealed that South Korea is the largest victim of the Card Present (CP) data theft in the entire Asia-Pacific (APAC) region.
“While the entire Asia Pacific (APAC) region is experiencing a noticeable uptick in attacks against brick-and-mortar and e-commerce businesses, South Korea has emerged as the largest victim of Card Present (CP) data theft by a wide margin,” Gemini Advisory stated in its report.
Gemini Advisory stated that it observed around 42,000 compromised South Korean-based CP records posted for sale in the dark web. The report also highlighted that June 2019 had 230,000 records, which is a 448% spike and July was even more drastic with 890,000 records, a 2,019% increase when compared to May’s figure.
The report explained about CP fraud, which involves collecting payment card data from in-person transactions. The attackers to do this by installing malware into a system that has point-of-sale (POS) devices on its network. Another method of accessing CP record is via skimmers that are installed at ATMs or POS terminals, according to the research report.
“While the exact compromised point of purchase (CPP) remains unclear, these records may have been obtained from the breach of a parent company that operates several different businesses in a variety of locations. It is also possible that a point-of-sale (POS) integrator was breached, allowing a threat actor access to a single integrator service that interfaces with many merchants,” the report added.
Nearly half of the South Korean population got affected when their sensitive information was compromised by an insider at the Korea Credit Bureau in 2014. The credit rating company stated that around 20 million records were stolen, which included customer names, phone numbers, social security numbers, credit card numbers and their expiration dates.
The investigation concluded the data breach was done by a temporary consultant at the Korea Credit Bureau (KCB), who gained unauthorized access to the customers’ data from the company’s server and sold it to marketing firms. The culprit and the people who purchased the stolen data from him were later arrested.