 |
Photo courtesy of Yonhap News |
[Alpha Biz= Kim Jisun] South Korea’s Korea Communications Commission has imposed a fine and corrective recommendations on Lotte Card over a large-scale personal data breach.
The regulator said on the 29th that it approved a penalty of KRW 11.25 million and issued improvement orders following its fifth commission meeting.
Connecting Information (CI)—an encrypted identifier derived from resident registration numbers used to identify individuals online—was among the data exposed. The breach, which occurred last year, affected about 2.97 million users.
Following the incident, the commission conducted a special inspection of Lotte Card from September to November. It found that during the operation of the company’s “Pay Service,” logs on online payment servers contained sensitive data such as CI and resident registration numbers in unencrypted, plain text.
The investigation also revealed that Lotte Card had failed to establish internal guidelines for securely handling CI and lacked a proper incident response plan.
Hackers exploited the brief window before logs were encrypted to extract data. Among the leaked information were CI records of about 1.29 million users, with approximately 450,000 individuals having both CI and resident registration numbers exposed.
Alphabiz Reporter Kim Jisun(stockmk2020@alphabiz.co.kr)
