Lotte Card has confirmed that it was subjected to a hacking attack from an external source. Currently, there is no confirmation of customer information leakage; however, traces of external attackers accessing the online payment server have been discovered, and a thorough investigation is underway.
According to the financial sector on the 1st, Lotte Card identified that a specific server was infected with malware during a server inspection on the 26th of last month. Following a detailed examination of all servers, two types of malware and five types of web shells (a method of attack that executes commands on a web server to gain administrator privileges) were found on three servers and were promptly deleted.
Subsequently, while Lotte Card was conducting an investigation into the potential for further breaches and information leaks, traces of an external attacker attempting to leak data from the online payment server were revealed on the 31st of last month.
Lotte Card stated that, as a result of a thorough analysis conducted through an external investigation agency, no serious damage has been confirmed to date in terms of customer information or major data leaks, or ransomware infections.
A Lotte Card official noted, "We have confirmed that there has been no leakage of personal information through the investigation by external agencies," and added, "We plan to continue the investigation going forward."