Almost half of the population of South Korea have had their credit card details leaked by an employee at a credit ratings company.
The details taken included the names and social security numbers of credit card holders, which were copied and then sold by a contract worker for the Korea Credit Bureau to marketing firms.
It is believed that the data of 20 million South Koreans was stolen using a USB drive. The contract worker and bosses at the marketing firms have since been arrested.
The Financial Services Commission (FSC) said in a statement: "The credit card firms will cover any financial losses caused to their customers due to the latest accident."
Executives at the financial companies involved have offered their resignations by way of accepting responsibility for the leak, including 27 from KB Financial's banking and credit card units.
Shin Je-yoon, chairman of the FSC, has assured credit card users that it is unlikely their details will be distributed.
"Personal information was leaked, but hasn't been distributed," Je-yoon said. "I see people are really worried that the information leak could lead to misuse of their credit cards, but that's unlikely."
It is the largest ever theft of personal details in South Korea, following similar data leaks in the country in the past few years.
In 2012 the personal details of 8.7 million South Korean mobile users were leaked, while in 2011 hackers stole the data of 33 million people in South Korea from a popular website.