Lotte Card, whose internal data was leaked in a recent hacking incident, said on the 24th that from the 1st of this month through the previous day, among the 2.97 million customers whose information was leaked, about 650,000 applied for card reissuance, about 820,000 changed their card PINs, about 110,000 suspended their cards, and about 40,000 canceled their cards.
Lotte Card explained that, excluding duplicates, customer protection measures have been implemented for 1.28 million people, or 43% of all affected customers. In particular, for the 280,000 people with potential risk of fraudulent use, the company said protection measures such as card reissuance applications, PIN changes, card suspension, and cancellation have been carried out for about 190,000, or 68%.
Lotte Card is continuing additional guidance calls to customers who have not yet received protection measures, securing sufficient stock of blank cards needed for reissuance, and expanding the maximum number of cards issued per day. The company plans to complete protection measures for 280,000 customers before the Chuseok holiday.
On the 18th, Lotte Card sent individual notifications about the data leak to 2.97 million customers whose information was leaked. In particular, for some key-in transactions, the company sent texts guiding 280,000 customers to reissue their cards and conducted guidance calls in parallel so that “card reissuance” would be carried out as the top priority. On the 19th, it also sent notifications of no leak to general customers whose information was not leaked.
Lotte Card’s position is that no cases of fraudulent use caused by this cyber breach have been confirmed so far. There have been mentions linking typical recent phishing and overseas fraudulent payment cases with this cyber breach, but the company explained that, to date, not a single case of an attempted fraudulent use or actual consumer damage attributable to this cyber breach has been confirmed.
Lotte Card said it does not shift the burden of proof for fraudulent use onto customers, and that as soon as a damage case is received it halts billing and provides feedback after the company’s own verification.
Lotte Card’s position is that it will compensate the full amount of damage arising from this breach. It also says that for secondary damage caused by the data leak, Lotte Card will fully compensate if the connection is confirmed.