Lotte Card headquarters in Jung-gu, Seoul. / Courtesy of Yonhap News

The information security budget of Lotte Card, which had some data leaked in a hacking incident, has recently shown a declining trend. Last year, Lotte Card's information security budget decreased by about 15% compared to 2021. Criticism has been raised that the reduction in the information security budget has led to vulnerabilities in the security system.

According to materials that lawmaker Yoon Han-hong of the People Power Party received through the Financial Supervisory Service on the 8th, Lotte Card's information security budget (including labor costs) spent on network security as of the end of last year was 11.6 billion won. While this was a slight increase of 1.7% compared to the end of the previous year (11.4 billion won), it was a decrease of 14.7% compared to 2021 (13.7 billion won). The information security budget executed through the first half of this year is 5.9 billion won, and the annual figure is expected to be similar to last year's.

Lotte Card's information security budget increased nearly twofold, from 6.9 billion won in 2020 to 13.7 billion won in 2021. However, in 2022, it recorded 8.8 billion won, a decrease of 35.4% compared to the previous year. In 2023, it rebounded to 11 billion won and has remained at a similar level since.

A Lotte Card official said, "In 2021, we built a system to respond to natural disasters and computer errors, which temporarily increased the budget," adding, "Excluding 2021, the information security budget has been on an upward trend overall."

By contrast, the number of internal and external information security personnel increased during the same period. Lotte Card's information security personnel increased from 20 in 2020 to 35 by the first half of this year.

On the afternoon of the 14th of last month, Lotte Card experienced a hacking incident in which internal files were leaked. The file leak attempts were reported to have occurred over three days, until the 16th. During this process, internal files were leaked twice, on the 14th and 15th; hackers attempted to leak files again on the 16th, but it is known that they failed to extract them. The initial infection point of the malware has not yet been confirmed. Lotte Card discovered the leak during the server synchronization process on the 26th, 12 days later. The total volume of the leak is said to be 1.7GB (gigabytes), and it is believed to contain payment-related information.

Professor Yeom Heung-yeol of the Department of Information Security at Soonchunhyang University noted, "There are many parts that incur expenses when establishing a security network," adding, "Reducing related expenses can lead directly to a decrease in the quality of the security process."
