The three company bosses make their public apology.
Most of the credit card holders in South Korea have been affected by a theft of customer data, local media in the country has reported.
Prosecutors say that information linked to 80 million cards – including salaries, monthly card use, credit rating and card numbers – has been taken.
The theft has caused widespread public concern, with cardholders rushing to bank branches, overloading call centres and visiting service websites to try to find out if their information has been stolen. No financial losses have been reported.
Shin Je-Yoon, chairman of the regulator the Financial Services Commission, said the three credit card companies involved – Lotte Card, KB Financial Group and NongHyup Bank – had failed to provide adequate security.
Bosses at the companies have made a public apology and authorities have pledged to improve security measures.
The regulator has urged the companies to be on their guard for data theft not only from hackers, but also by employees and contractors.
Prosecutors say an employee of Korea Credit Bureau, a contractor used by the companies, stole the data by copying it to a USB device.
The worker, who was responsible for developing new software to detect credit card fraud, sold the data to a loans company, prosecutors allege.
Cho Sung-Mok, a director at the Financial Supervisory Service, said the data was unencrypted and the companies were not aware of the breach until prosecutors began to investigate.
NongHyup Bank’s card division did not notice the data breach for more than a year while KB was unaware for over six months, it is claimed.