Hack on Lotte Card escalates, potentially exposing millions to security breach
In a series of major cyberattacks this year, South Korean retail giant Lotte Card has become the latest victim, with an ongoing investigation revealing a data breach that may have exposed the personal data of millions of its customers.
The breach, which went undetected for nearly two weeks from August 14 to August 26, follows similar attacks on GS Shop and Yes24. The initial report suggested that 1.7 gigabytes of data had been leaked, but the actual figure is expected to be much larger.
The Korea Communications Commission is currently conducting an investigation into the suspected data security breach at Lotte Card. The stolen data is believed to include payment histories and other sensitive cardholder details, posing fresh headwinds for MBK Partners' planned sale of Lotte Card.
MBK Partners, which owns about an 80 percent stake in Lotte Card since 2019, faces added scrutiny over its profit-first management. The probe is anticipated to conclude as early as this week, with CEO Cho Jwa-jin expected to issue a public apology and outline response measures.
President Lee Jae Myung has called for tougher cybersecurity rules, including heavier sanctions and punitive fines for companies that repeatedly suffer security incidents. FSS Gov. Lee Chan-jin urged card issuer CEOs to adopt a 'zero-tolerance' principle in reexamining cybersecurity infrastructure and meeting information-protection obligations.
The breach at Lotte Card is not the only cybersecurity concern in South Korea. In April, SK Telecom suffered a breach of its USIM server network, and unauthorized micropayments on KT Corp. users' phones revealed an unregistered micro base station in August, with investigations still ongoing.
As the investigation into the Lotte Card breach continues, affected customers will be notified once the investigation concludes. The breach may further complicate MBK Partners' efforts to sell Lotte Card, as potential buyers may be deterred by the data security incident.
