Lotte Card Confirms Personal Data Breach Impacting 2.97 Million Customers After 200GB Hacking Incident

Lotte Card has disclosed that a data breach compromised the personal information of approximately 2.97 million customers, following a hacking incident that resulted in some 200GB of data being stolen.

On September 18, Lotte Card CEO Jo Zwajin issued a public apology at a press conference held at Buyoung Taepyong Building in Jung-gu, Seoul, stating, "I sincerely apologize for the concern caused to our customers and related organizations."

According to CEO Jo, "Of all customers affected, there are 280,000 people whose leaked information—including card numbers, expiration dates, and CVC numbers—could potentially be used for fraudulent card transactions." He explained that the risk pertains mainly to "key-in" transactions, where card details are manually entered, which could allow unauthorized use.

Jo further clarified that these 280,000 customers are specifically those who registered their card information for new payment services or e-commerce sites between July 22 and August 27. "We will prioritize reissuing cards to these customers," he promised.

For the remaining 2.69 million affected individuals, Jo emphasized, "Only a limited subset of information was leaked, and this information alone is not sufficient to enable fraudulent transactions." He also reassured customers that the breach was confined to online payment servers and did not affect offline transactions, adding, "No customer names were exposed in this leak."

Initially, Lotte Card had reported a 1.7GB data leak to financial authorities on September 1. However, further investigation revealed the breach actually involved about 200GB of data. The hacking occurred on August 14, but the company did not become aware of the incident until the end of the month. "On August 26, evidence of an external hacker's intrusion into our online payment server was discovered, and on August 31, an attempt to export 1.7GB of data was detected," Jo explained. "On September 2, on-site inspections were launched by the Financial Supervisory Service and the Financial Security Institute, and during that process, the full scale of the 200GB data leak was uncovered."

As a remedy, Lotte Card has pledged to fully compensate any damages suffered by customers. Jo stated, "Lotte Card takes full responsibility and will offer complete reimbursement for all losses related to this incident. Should any secondary damages be confirmed as linked, we will also provide full compensation." Additionally, all affected users will be given 10-month interest-free installment benefits through the end of the year, and the 280,000 customers whose cards need to be reissued will have their annual fees waived next year, with no cap.

The company now plans to bolster its cybersecurity infrastructure. "An enterprise-wide emergency response system will be launched under the direct supervision of the CEO," Jo said. "Over the next five years, we will invest 110 billion KRW in information security to create our own security control infrastructure and will complete a comprehensive talent overhaul within the organization by the end of this year." He concluded, "It is my ultimate duty as CEO to ensure zero customer losses and to minimize inconvenience."

Note “This article was translated from the original Korean version using AI assistance, and subsequently edited by a native-speaking journalist.”

Photo=Yonhap News