Nearly three million customers of Lotte Card have had their personal information compromised following a large-scale hacking incident, the company confirmed Wednesday. The breach, affecting 2.97 million cardholders, involved the exposure of data including linked information (CI), resident registration numbers, virtual payment codes, internal identification numbers, and types of easy payment services, according to a statement released by Lotte Card.
The revelation comes after a delayed response from the credit card company, which initially detected malicious code on its servers on August 26th, but only confirmed the data breach on September 1st. According to reports, the company discovered attempts at data exfiltration from its online payment servers on August 31st. The Financial Supervisory Service (FSS) has launched an investigation into the incident and Lotte Card’s handling of the breach.
Lotte Card CEO Cho Jae-jin issued a public apology, stating, “I sincerely apologize to our customers and related organizations for causing concern.” He acknowledged that approximately 280,000 customers are at risk of potential card fraud, specifically those whose card details – including card number, expiration date, and CVC number – were exposed. The company warned that these customers are vulnerable to “key-in” transactions, where card information is manually entered during payment.
The compromised data represents a significant portion of Lotte Card’s customer base, which totals approximately 9.6 million cardholders, making it the fifth-largest card issuer in South Korea. The FSS estimates the size of the stolen data to be around 1-2 gigabytes.
While Lotte Card stated that it has deleted the malicious code and is conducting a thorough investigation with external security firms, concerns are mounting over the delayed response and potential for further damage. The incident has prompted criticism regarding the company’s cybersecurity measures and its initial failure to recognize the severity of the attack.
The company has not yet released details regarding the specific methods used by the hackers or the origin of the attack. The FSS is currently investigating these aspects, along with the extent of the data breach and the potential impact on affected customers. Lotte Card has pledged full compensation for any financial losses incurred by customers due to the data breach.
