 |
Photo = Lotte Card |
[Alpha Biz= Kim Jisun] Seoul, Korea – Lotte Card has confirmed that it suffered a hacking incident but failed to detect it for more than two weeks, raising concerns over a possible leak of customer payment information. The Financial Supervisory Service (FSS) has launched an urgent on-site inspection in response.
According to data submitted by the FSS to the National Assembly’s Political Affairs Committee on September 2, the initial breach occurred at approximately 7:21 p.m. on August 14. Hackers infiltrated Lotte Card’s online payment servers on August 14 and 15, with two confirmed instances of data exfiltration. A further attempt on August 16 failed to extract files. However, Lotte Card did not detect the attack until August 31—17 days after the incident began.
The company reported the incident to regulators only on August 30. Lotte Card estimates that around 1.7 gigabytes of data may have been leaked. The FSS is currently investigating the exact contents of the exfiltrated files, but initial analysis suggests that online payment transaction records may have been included.
Lotte Card informed the FSS that it plans to strengthen security by installing additional antivirus solutions and conducting system scans. The company will also identify potentially affected customers and guide them to change their card PINs as a precaution.
The FSS instructed Lotte Card to establish a dedicated call center for affected customers and to ensure full reimbursement in the event of any fraudulent card usage. FSS Governor Lee Chan-jin also ordered the immediate activation of the agency’s emergency response system and on-site inspections to determine the cause and scope of the breach.
Under the Specialized Credit Finance Business Act, card companies are liable for compensating customers in cases of unauthorized card usage resulting from hacking or security incidents.
Alphabiz Reporter Kim Jisun(stockmk2020@alphabiz.co.kr)
