The Financial Services Commission is reviewing a plan to impose a six-month business suspension and a 5 billion won penalty surcharge on Lotte Card, where member personal information was leaked in a hacking incident. This is the maximum level of sanction that can be imposed on a financial company under current law. The commission is also discussing recommending the dismissal of Lotte Card executives and seeking the dismissal of frontline employees in connection with this case.
According to the office of Rep. Yun Han-hong of the People Power Party on the 26th, the commission is considering the highest level of disciplinary action under relevant laws, including the Electronic Financial Transactions Act, the Credit Information Act, and the Specialized Credit Finance Business Act, over violations detected in the Financial Supervisory Service inspection of Lotte Card.
The commission explained to Rep. Yun's office, "Under the relevant laws, up to six months of business suspension and up to a 5 billion won penalty surcharge are possible." A six-month business suspension is the highest level of discipline under the Specialized Credit Finance Business Act. A 5 billion won penalty surcharge is also the maximum under the Electronic Financial Transactions Act.
The commission is also reviewing recommending the dismissal of the CEO and other executives responsible for the leak, as well as seeking the dismissal of the employees in charge. Under current regulations, the financial authorities can impose sanctions on institutions and internal executives and employees that caused property losses to financial transactors. For executives, they can issue a recommendation for dismissal, suspend execution of duties, issue a reprimand warning, an advisory warning, or an admonition; for employees, they can impose dismissal, suspension, pay cut, or reprimand. In particular, if an executive leaves office due to sanctions by the financial authorities, reemployment is restricted for a certain period.
The commission said, "By comprehensively considering the seriousness of the violation and whether there was intent or negligence, it is possible to recommend up to dismissal for executives and to seek up to dismissal for employees."
The commission decided to finalize the disciplinary plan based on the results of the FSS investigation. Earlier, on the 14th of last month in the afternoon, Lotte Card suffered a hack that led to the leak of internal files. The leaked data amounted to about 200GB, affecting 2.97 million people. It is known that the hack exposed some members' resident registration numbers, CVC (the three-digit number on the back of the card), and internal identification numbers.