A Mysterious Data Breach Exposed over 1 Million Payment Cards in South Korea in Just Two Months
Stolen personal data gets bought and sold on the dark web every single day. Monitoring these illegal markets and the trends that emerge on them is high on security companies' priority lists. This way, they can see what the criminals are interested in and offer better protection to the users and organizations that are most likely to be attacked. They can also spot data breaches that have already occurred but have remained unreported. Recently, for example, researchers from Gemini Advisory saw the trading of data leaked during what could be a massive attack against South Korean users.
More than 1 million South Korean payment cards offered for sale on the dark web
According to Gemini's August 1 report, between May 29 and late July, cybercriminals put up for sale more than 1 million records containing stolen payment card data. Very nearly all of them belong to South Korean citizens, and although the source of the leaked information is still unknown, Gemini believes that the attack was aimed at a single organization that possibly has interests in multiple businesses and operates in a variety of locations.
Although the source remains unknown, the information suggests that the data was stolen in a card-present scenario, that is, one where the physical card was used at a terminal, which means that the attack wasn't aimed at an online service provider. This does limit the range of potential victims somewhat. The cards were stolen either from a bank, a Point-of-Sale (PoS) system at a restaurant or a store, or via card skimming devices installed on ATMs. South Korean card issuers adopted EMV chips quite a while ago, which makes the last option rather unlikely.
The cards are sold for around $40 apiece
In addition to witnessing the payment cards of a large number of people change hands, Gemini's experts also got to see one of the most basic economic principles in action. In their report, they noted that last year, the demand for South Korean payment cards wasn't especially huge, and consequently, the price of this type of compromised information wasn't too high. According to Gemini, in 2018, buyers were shelling out an average of $28 per card.
During the first half of 2019, however, the criminals started showing more interest in stolen financial data from this region of the world, and the demand has been so huge over the last few months that, despite the influx of over 1 million compromised cards, the price still climbed through the roof. Gemini says that the leaked data is traded at a median price of about $40 per record.
It's still unknown whether the demand for South Korean cards will continue to increase. It's also difficult to say whether we'll ever learn where the stolen data comes from. The experts did draw parallels between this stream of stolen payment card data and an incident from earlier this year, in which cybercriminals used PoS malware to steal about 2 million credit cards belonging to customers of six restaurant chains. If the comparisons between the two incidents are well-founded, we should soon know the name of the attacked organization. Until then, cardholders not just in South Korea but all around the world should keep a close eye on their bank statements and watch out for any unauthorized transactions.