Shinhan Card reports internal data breach affecting 192,000 merchant representatives in South Korea

Shinhan Card, the credit card unit of Shinhan Financial Group and South Korea's largest credit card issuer, reports on December 23, 2025, that a significant data breach affected approximately 192,088 merchant records, compromising the personal information of around 190,000 small business owners. 

The breach was caused by internal employee misconduct. The investigation confirmed that twelve employees across multiple regional branches in the Chungcheong and Jeolla regions improperly accessed merchant data and used it for unauthorized credit card solicitation activities. The incident occurred between March 2022 and May 2025. 

These employees took screenshots or photos of merchant information and shared it via mobile messaging platforms with card sales agents, targeting newly registered merchants such as restaurants and pharmacies. 

The exposed data includes:

• Mobile phone numbers (181,585 cases)
• Names combined with mobile phone numbers (8,120 cases)
• Birth dates and gender information along with names and phone numbers (2,310 cases)
• Complete dates of birth with names and phone numbers (73 cases)

Shinhan Card CEO Park Chang-hoon issued an official apology acknowledging the severity of the incident and taking full responsibility for the breach. The company has pledged compensation if any harm to affected individuals is confirmed.