The country's largest-ever theft of personal financial data from KB Kookmin Bank, Lotte Card and NH Nonghyup Card involved more than 40 per cent of the country's 50 million population.
The case provoked fury when revealed by prosecutors last month, with thousands flooding the firms' branches for days to cancel credit cards or get new ones.
The three credit card companies will be banned from issuing new credit cards for three months until May 16, the Financial Supervisory Commission (FSC) said today.
Operations involving existing cardholders will be unaffected, the FSC said, adding each of the three firms will also be fined six million won (USD 5,640).
More From This Section
The data was stolen by an employee from personal credit ratings firm Korea Credit Bureau who once worked as a temporary consultant at the three firms. He was arrested last month.
The stolen data included names, social security numbers, phone numbers, e-mail addresses, home addresses, credit card numbers and even personal credit ratings.
Credit card usage is particularly high in South Korea, where the average adult has four or five cards.
The three-month ban on accepting new customers is the heaviest state penalty in the South's competitive credit card market, where customers often switch cards to get more benefits or rewards.
Many major South Korean companies have seen customers' data leaked in recent years, either by hacking attacks or their own employees.
An employee of Citibank Korea was arrested last December for stealing the personal data on 34,000 customers.
In 2012 two South Korean hackers were arrested for stealing data on 8.7 million customers at the nation's second-biggest mobile operator.