Imagine waking up with your bank balance down to zero. This nightmare did actually happen to several South Korean customers. Twitterer Sitehis (@sitehis) tweeted ‘On April 15 early in the morning, My Nonghyup bank accounts showed 0 Korean Won.’ DongA Ilbo reported. [ko]

It has been six days the unprecedented breakdown in network systems of the National Agricultural Cooperative Federation, publicly known as ‘Nonghyup’, occurred. Most of the banking service has been stabilized now, but there are still minor glitches in the online and check-card transactions and the credit card’s cash advance service. Some of the damage will be hard to undo. Several bank transaction histories have been removed from the bank database and there is no major breakthrough in restoring the lost history.

On April 12, Nonghyup’s banking system totally shut down. The bank resumed its service three days later, on April 15, but with lingering failures. Apart from the basic banking services, such as withdrawing and transferring money by visiting offline banks in person, the credit card’s cash advance service and transactions via check card did not function smoothly. Errors also occurred in advance services such as processing and screening loan applications and postponing loan payment.

Customers have filed complaints against the bank. Although the bank promised to make complete compensation for the possible loss caused by the shutdown, experts commented the reimbursement process, though necessary, would create more chaos. In the case of customers losing a contract as they failed to transfer deposits by the due date, it would be hard to prove the bank failure has directly caused the loss, DongA added [ko]. Nonhyup at least exempted their customers from bank transaction fees.

There were two speculations: the systems being hacked by strangers or intentionally erased by insiders. The Prosecutor’s Office, pointing out that the hacker had commanded a ‘remove’ order in a code file form and erased the banking history, suspected insiders and summoned two to three employees who have unrestricted access to the server, reported [ko] Yonhap News. Its forensic team had found out that a suspicious USB had entered a notebook of IBM’s staff several times. IBM is the bank’s subcontracter in internet security and its employee’s laptop carrying a special code is believed to have started the problem.