SBS뉴스

뉴스 > 경제

Woori Bank Reports Leak of Over 17,000 Customer Records; No Misuse Detected So Far

정성진 기자

입력 : 2026.07.03 17:21


▲ Woori Bank and Woori Financial Group

Approximately 17,000 personal records of Woori Bank customers have been leaked to an external party.

In a notice to customers today (July 3), Woori Bank stated, "A total of 17,551 personal records, which were being held arbitrarily by an external development firm, were leaked due to negligence by an employee of that firm."

The leaked information consists of Connecting Information (CI), which is encrypted data used to identify individuals online, and customer nicknames.

Sensitive personal information such as phone numbers, resident registration numbers, and home addresses was not leaked.

While CI is generated based on a resident registration number, it is encrypted, making it impossible to identify or trace a specific individual using the CI alone.

However, there is a potential for malicious use if the same CI has already been leaked through other websites and can be combined with other personal data.

The individuals affected by this leak are Woori Bank customers who had expressed interest in using an NFT platform service and consented to the provision of their personal information.

According to the bank, the information was shared with the external development firm during a project to build an NFT platform in September 2024.

Although the project has since concluded, an employee at the firm had been keeping the data arbitrarily and subsequently shared it on a developer platform, leading to the leak.

Woori Bank stated, "Upon becoming aware of the leak on June 30, we immediately blocked access to the relevant information through the development firm, reported the incident to the Personal Information Protection Commission, and posted a notice on our website."

Woori Bank added, "As of now, we have not identified any cases where the leaked information has been spread or misused online or offline."

Regarding the leaked data, the bank emphasized, "The user nickname is an alias entered voluntarily and is not a member ID or login account information. Furthermore, the Connecting Information is a value used to identify individuals online, and without being combined with other data, it cannot be used to identify a specific person based solely on the leaked information."

Woori Bank advised affected customers to exercise extra caution regarding calls from unknown numbers and clicking on URL links in text messages to prevent potential damages such as voice phishing or smishing.

The bank also added that it is applying a separate Fraud Detection System (FDS) to prepare for any potential incidents.

"We will use this incident as an opportunity to conduct a full inspection of personal information management at our development partners and rectify any shortcomings," Woori Bank stated. "If any damage occurs to customers due to this leak, we will verify it and provide compensation as quickly as possible."

(Photo: Yonhap News)