What Caused the Data Leak Affecting Nearly 3 Million Lotte Card Customers?

Seoul, Sep 18 (NationPress) Lotte Card Co., the nation's fifth-largest card issuer, announced on Thursday that a hacking incident last month resulted in the exposure of personal data belonging to approximately 3 million customers. Fortunately, there have been no reports yet of improper use of this information.

According to Lotte Card, the compromised data, estimated to be around 200 gigabytes, contained sensitive details such as identification numbers, internal identification numbers, and connection information.

Additionally, the data breach involved card verification codes, card numbers, and the validity period for roughly 280,000 customers, critical information that could potentially expose them to credit card fraud, as reported by the Yonhap news agency.

Lotte Card's CEO, Cho Jwa-jin, publicly apologized and outlined response measures, which include full compensation for any damages reported due to the misuse of the stolen data.

"The leaked data was generated during the online settlement process via online servers between July 22 and August 27," Cho stated.

The CEO emphasized that the compromised information cannot be misused for offline transactions, as additional identification processes are required for online settlements, making it challenging to misuse the cards with just the breached data.

Earlier this month, Lotte Card, which boasts around 9.6 million members, admitted to a cyber breach. Since then, both the financial watchdog and the card company have been working to assess the repercussions of the hacking incident.

This data breach at Lotte Card marks the latest in a series of significant cybersecurity failures within the financial sector. Previously, Seoul Guarantee Insurance experienced a similar hacking episode.

Furthermore, Lotte Card's security breach comes at a time when Financial Supervisory Service Governor Lee Chan-jin has been urging financial institutions to enhance their cybersecurity measures and to better protect their customers.

In related news, the science ministry has launched an official investigation into an alleged attempt to sell personal data thought to have been leaked from South Korea's leading mobile provider, SK Telecom Co.

This development followed a global hacking group known as Scattered Lapsus$ announcing on its Telegram channel its desire to sell SK Telecom's client data for US$10,000, with reports indicating that 42 South Koreans had already made inquiries.

The government has also initiated a probe into KT Corp, the second-largest mobile carrier, which reported 278 cases of unauthorized mobile payments totaling 170 million won (approximately $122,000), heightening concerns regarding a potential leak of customer information.