Lotte Card Reports Data Breach Affecting Nearly 3 Million Individuals

South Korean financial firm Lotte Card recently reported a data breach that exposed the sensitive personal information of nearly 3 million individuals.

 

Founded in 2002, Lotte Card is a leading financial services provider in South Korea, offering credit, debit, and prepaid cards. It operates as a subsidiary of the larger Lotte Corporation.

 

In a data security incident notice on its website, Lotte card said that on September 1st, it identified a security breach where threat actors infiltrated its internal network and stole confidential data. The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“In the process of conducting additional investigation after the notice on September 1st, we confirmed the leakage of personal credit information of some members. Based on the results of the leak investigation on September 18, we have informed you that some of your personal credit information has been leaked,” Lotte card said.

 

The compromised data included connecting information, resident registration numbers, card-related information created and collected during the payment process, virtual payment codes and more.

 

“Lotte Card immediately deleted the confirmed malicious code after recognising the fact of the intrusion, and blocked the IP that was presumed to have been used by hackers,

 

“We immediately compensated for the security vulnerabilities of the system subject to infringement.

 

“In addition, we are strengthening the abnormal transaction monitoring system to the highest level and prioritising the prevention of damage to members,” Lotte Card added.

 

In a statement shared with local media, CEO of Lotte Card, Cho Jwa-jin said that threat actors accessed more than 200 GB of company data.

 

The investigation revealed that over 200 gigabytes of data were compromised,” Cho said, adding that “a total of 2.97 million users were affected by the breach, which occurred on the company’s online payments server.