Information from at least 200,000 South Korean credit card holders was confirmed stolen earlier this week.
The personal information was used to create fake cards and make charges worth at least $115,000, according to Reuters.
South Korea's Financial Supervisory Service (FSS), the country's financial regulator, suspects that several hackers accessed a firm's point-of-sale terminals to get card numbers, expiration dates and passwords to a specific loyalty card program.
The country's police have uncovered more than 250 cases of fraudulent charges and believe the hackers exploited card users who used the same pin number and password for both their credit cards and loyalty card.
Shinhan Card, South Korea's largest credit card provider, also had some of its data breached, but no pins or passwords.