The Financial Supervisory Service has reportedly decided to impose a 4.5-month business suspension and a 5 billion won penalty surcharge on Lotte Card over the large-scale hacking incident last year. A "reprimand warning" for former CEO Cho Jwa-jin was also included.
According to the financial sector on the 30th, the Financial Supervisory Service (FSS) finalized Lotte Card's disciplinary plan with these details at the sanction review committee that day.
Early this month, the Financial Supervisory Service (FSS) gave prior notice to Lotte Card of its policy to impose a 4.5-month business suspension and a 5 billion won penalty surcharge.
In the industry, the 4.5-month business suspension among the sanctions is expected to be the biggest blow. That is because core revenue activities such as recruiting new members and issuing cards would effectively be halted. Beyond a short-term drop in results, it is highly likely to lead to a decline in market share and customer attrition.
In addition, if a financial company executive receives a reprimand warning or higher, employment at financial companies is restricted for three to five years. Sanctions for financial company executives are divided into five levels: "caution → cautionary warning → reprimand warning → suspension from duty → recommendation for dismissal."
Former CEO Cho had already stepped down late last year, taking responsibility for the incident.
However, the decision is not yet final. The Financial Services Commission's regular meeting still needs to vote, leaving open the possibility that the level of sanctions could be eased.
A Lotte Card official said of the measure, "The hacking incident last year is different from the 2014 information leak by an employee," adding, "Imposing a business suspension for a hacking incident is an unprecedented level of sanction."
The official also said, "As follow-up procedures such as the Financial Services Commission's vote remain, we will fully explain our objections to the aggravated punishment and that our post-incident response efforts prevented any secondary damage."
Earlier, Lotte Card said that in September last year it suffered a hacking attack that leaked information on 2.97 million people, about one-third of all customers.
Of these, the number of customers whose information directly tied to payments—such as card numbers, expiration dates, and card verification codes—was compromised was estimated at about 280,000.