Lotte Card has been found to have not realized the hacking incident for 17 days.
According to data reported by the Financial Supervisory Service (FSS) to Representative Kang Min-guk of the National Policy Committee on the 2nd, the initial hacking incident at Lotte Card occurred around 7:21 p.m. on the 14th of last month. Following the 14th, online payment server hacking also took place on the 15th, with actual internal files being identified as having been extracted twice. The hacker attempted to hack again on the 16th of last month but failed to extract any files.
However, Lotte Card became aware of the hacking incident around noon on the 31st of last month. This means that it took them two weeks after the incident occurred to realize the situation.
According to Lotte Card, the scale of the leaked data is estimated to be about 1.7 gigabytes (GB). The FSS reported, "Based on the files that were unsuccessfully extracted, it appears to include online payment request details, such as card information." This suggests a potential risk of customer information leakage.
Lotte Card informed the FSS that they will "install additional vaccines, take measures for malware diagnosis, and identify potentially affected customers to guide them in changing their card passwords."
Representative Kang Min-guk noted, "As of June this year, there have been four hacking incidents, with leaked information numbering 3,142. Personal information leakage can lead to significant financial accidents that evolve into secondary and tertiary crimes once it occurs," adding that "it is urgent to establish stronger measures for sanctions against such hacking incidents by financial authorities."