SEOUL, South Korea -- American troops may have been among the victims of hackers who stole information from more than 1 million U.S. and South Korean credit cards and listed it for sale on the dark web over the past three months, the military said.
The thefts targeted unspecified business and financial entities in South Korea and included information on at least 38,000 U.S.-issued payment cards, according to an alert distributed by the Eighth Army via its Facebook page.
An unnamed credit union that provides services at U.S. Air Force bases in South Korea was among the potentially compromised organizations, it said.
Citing the large number of U.S.-issued payment cards involved and the significant presence of American troops in South Korea, the Major Cybercrime Unit-Korea said it could "assess with medium confidence that the purchase cards of U.S. service members may have been included in this compromise."
The stolen information was listed on the dark web since the end of May, according to the notice, which was based on information from the Korea Office of the Major Cybercrime Unit, U.S. Army Criminal Investigation Command.
The notice advised people worried that their credit card information was stolen to place a "fraud alert" on their credit reports and to monitor their accounts for signs of identity theft.
Gemini Advisory, a security firm, also reported the credit card data theft on Aug. 1, saying the hackers had apparently managed to capture the information before it was encrypted as the cards were swiped at the merchants or at ATMs.
That would enable the fraudsters to clone the cards and use them to make illegal purchases, it said. Transactions made using cards with embedded computer chips, also known as EMV chip technology, would have been secure, according to the report.
The New York-based firm first observed information from 42,000 compromised South Korean-issued cards posted for sale on the dark web in May, which it said is generally in line with recent trends.
However, the number spiked to 230,000 records in June and 890,000 in July, according to Gemini Advisory.
"This spike currently consists of over 1 million compromised South Korea-issued CP records posted for sale in the dark web since May 29," it said, referring to the term CP fraud that involves collecting payment card information from in-person transactions.
It said 3.7% of the compromised records were U.S.-issued cards and many were believed to belong to American cardholders visiting the South.
Gemini Advisory warned that South Korea is becoming a major target for such attacks due to vulnerabilities in its purchasing infrastructure including failure by merchants to use the chip technology.
"While the entire Asia Pacific (APAC) region is experiencing a noticeable uptick in attacks against brick-and-mortar and e-commerce businesses, South Korea has emerged as the largest victim of Card Present (CP) data theft by a wide margin," it said.
Some 28,500 American troops as well as family members and civilian contractors are based in South Korea, which remains technically at war with the North after their 1950-53 conflict ended in an armistice instead of a peace treaty.
The Eighth Army couldn't immediately provide more information and it was unclear what effect the thefts may have had.
A South Korean official, who spoke on condition of anonymity to discuss the issue, said the police cyber terror investigation unit was not investigating the reports because nobody had come forward with a formal complaint.
Stars and Stripes reporter Yoo Kyong Chang contributed to this report.