[Alpha Biz= Kim Jisun] Lotte Card has confirmed that a recent hacking incident compromised the personal information of approximately 3 million customers, making it one of the largest breaches in Korea’s financial sector in recent years. Analysts point to reduced cybersecurity investments following MBK Partners’ 2019 acquisition of the company as a key factor behind the vulnerability.



According to data from the Financial Supervisory Service, Lotte Card’s annual spending on information security fell 14.7% from KRW 137 billion in 2021 to KRW 116.9 billion in 2024, despite growing threats. The company has since pledged KRW 110 billion in additional investments over the next five years, aiming to raise its IT security budget ratio to an industry-leading 15%. Planned measures include the introduction of Application Security Management (ASM), a dedicated “red team” for simulated cyberattacks, and an overhaul of firewall and detection systems.



The breach was initially reported as involving 1.7GB of stolen data but later confirmed to exceed 200GB. Sensitive payment data, including CVC codes, was exposed for an estimated 280,000 customers, raising concerns of fraudulent transactions. Critics also argue that Lotte Card’s delayed disclosure and underreporting indicate significant shortcomings in its incident response.



CEO Cho Jwa-jin publicly apologized on September 27, vowing to compensate verified secondary damages in full and offering all affected customers a complimentary 10-month, interest-free installment plan until year-end.



Meanwhile, a collective lawsuit is already taking shape, with an online community for victims attracting over 1,300 members within days. Legal experts note similarities to the 2014 mass credit card breach, which led to court-ordered compensation for affected customers.

 

 

 

 

[ⓒ 알파경제. 무단전재-재배포 금지]