The police agency said Thursday it was investigating Hana Daetoo Securities over hacking and financial theft of a customer’s stocks.

A small investor’s securities account and certificate of authentication were alleged to have been recently hacked and stocks worth 10 million won ($9,000) sold, with the cash immediately withdrawn from the account, according to investigators.

Further, the brokerage unit of Hana Financial Group was found to have issued loans to the hacker, which was collateralized by the investor’s stocks. The firm reportedly conducted lax identity confirmation during the loan issuance procedure.

Though the cash settlement is carried out two days after share purchase or disposal, the immediate withdrawal was possible due to the secured loans.

Police are looking into the cyber security system of Hana Daetoo to see whether there were irregularities or financial scams involving any of its employees.

A spokesman for the brokerage firm confirmed the occurrence of the hacking incident, which took place by breaking a cyber firewall. He claimed that the customer should be held accountable for carelessness in protecting the financial data in his personal computer.

He also stressed that the Financial Supervisory Service downplayed the incident.

The firm clarified its position that it would internally discuss whether to compensate the victim for the damage after the police conclude investigations. It added that the financial watchdog has yet to hand down any guidance toward the customer’s petition.

Police, however, are probing the lax lending process, whereby the securities firm failed to call or email the customer for identity confirmation. The firm is of the position that the customer’s loan transaction occurred automatically right after the stock selling on his home trading system.

Market insiders share the view that stock trading by hackers on a HTS is rare.

“It (stock stealing) is more serious than leakage of customers’ private data. Financial authorities are obliged to scrutinize the crime if it is a fault of the brokerage firm,” said an official of a commercial bank.

The bank official predicted that it would not be easy for investigators to catch the suspect, as the money was transferred to a bogus account. He said there was a possibility that the money was embezzled by an insider.

Lawmaker are seeking legal grounds to make financial firms compensate hacking victims. Financial firms do not have an obligation to provide compensation as the current law simply blames the victim for negligence.

Banks have only launched compensation for victims of voice phishing after it is verified. More than 10,000 voice phishing scams were reported per annum for the past several years and average damages per year surpassed 80 billion won, FSS data showed.

In a similar vein, the nation’s overall financial sector has suffered massive data leaks over the past few years. While they include credit card companies, banks, insurance firms and stock brokerages, NongHyup Bank had reported hacking attacks on deposits worth a total 120 million won.

By Kim Yon-se (kys@heraldcorp.com)