Kakao Pay, South Korea's major mobile payment service provider, is under investigation for allegedly leaking 54 billion records of personal credit information to China's Alipay without users' consent.
Alipay received sensitive data from over 40 million customers between April 2018 and July 2023.
This massive data transfer has raised serious concerns and outrage in South Korea, prompting legal action against Kakao Pay's leadership.
On August 12, the Financial Supervisory Service (FSS) revealed that it discovered the unauthorized data transfer while inspecting Kakao Pay's foreign exchange transactions.
According to the FSS, Kakao Pay transferred customer credit data to Alipay under the pretext of calculating NSF (Non-Sufficient Funds) scores, which Apple requires for App Store partnership.
After the leak was discovered, the civic organization Freedom Korea National Defense Corps filed a complaint against Kakao Pay's CEO, Shin Won-keun, and former CEO, Ryu Young-joon, accusing them of violating the Credit Information Use and Protection Act.
The complaint emphasizes that if the FSS had not investigated, millions of Korean citizens' data would have continued to be transferred to China without protection.
The case was initially filed with the Seoul Central District Prosecutors' Office but has since been transferred to the Suseo Police Precinct in Seoul for further investigation.
Police are currently in the early stages of the investigation and have announced plans to summon the civic group's leader for questioning.
Kakao Pay’s Defense
Kakao Pay has denied any wrongdoing, claiming that the data sharing was part of a legitimate outsourcing process to comply with Apple's strict fraud prevention requirements for App Store payments.
The company cited Article 17, Paragraph 1 of the Credit Information Use and Protection Act, which states that personal credit information can be outsourced without direct customer consent for processing purposes.
Kakao Pay also clarified that the data transferred to Alipay was not used for any other purposes, such as marketing, and insisted that the information was shared solely to support payments on Apple's platform.
The police investigation is ongoing, and Kakao Pay is still under scrutiny. According to local media reports, the police intend to question key figures in the case to determine whether Kakao Pay's actions violated privacy laws.