wiredmikey writes: While the recent data breach that hit Target has dominated headlines lately, another massive data breach was disclosed this week that affected at least 20 million people in South Korea. According to regulators, the personal data including names, social security numbers, phone numbers, credit card numbers and expiration dates of at least 20 million bank and credit card users was taken by a temporary consultant working at the Korea Credit Bureau (KCB). The consultant later sold the data to phone marketing companies, but has since been arrested along with mangers at the companies he sold the stolen data to. A similar insider-attack occurred at Vodafone late last year when a contractor made off with the personal data of two million customers from a server located in Germany. According to a study from PwC, organizations have made little progress developing defenses against both internal and external attackers, and insiders pose just as great a security risk to organizations as outside attackers.