In connection with the Lotte Card hacking incident, the People Power Party said it would summon Kim Byung-ju, chairperson of MBK Partners, the largest shareholder of Lotte Card, to the National Assembly audit. Cho Joa-jin, chief executive of Lotte Card, explained, "Of the 280,000 customers whose sensitive information was leaked, 184,000, or 66%, have reissued their cards or changed their PINs, so the risk has been blocked."
Lawmakers of the People Power Party on the National Policy Committee held a meeting on the 23rd titled "Roundtable on measures to protect victims of the Lotte Card personal information leak and to prevent a recurrence." Attending the meeting were Cho Joa-jin, chief executive officer of Lotte Card; Yoon Jong-ha, vice chairperson of MBK Partners; the Financial Services Commission and the Financial Supervisory Service; and the Personal Information Protection Commission, among others.
People Power Party lawmakers said they would hold MBK Partners, the largest shareholder of Lotte Card, accountable. Kang Min-guk said, "After the Homeplus incident, there was another accident. There's even a saying 'Again-BK,'" adding, "We plan to adopt MBK Chairperson Kim Byung-ju as a witness for the upcoming National Assembly audit." MBK Partners is also the largest shareholder of Homeplus.
Kim Sang-hoon said, "Among the eight card companies in Korea, Lotte Card cut its information security budget the most. Did MBK decide there was no need to invest because it had set a policy to sell Lotte Card?"
People Power Party lawmakers also said they would summon Chairperson Kim Byung-ju to the October National Assembly audit to hold him responsible for the Lotte Card hacking incident. Kim Sang-hoon said, "When we conduct the audit, we must issue a warrant to accompany him, if necessary, to ensure Chairperson Kim Byung-ju appears on the day."
There were also questions seeking to hold the government responsible. The Financial Security Institute came under fire after it belatedly emerged that it had given Lotte Card the highest grade in its security certification two days before the personal information leak. Yu Young-ha said, "Two days after the Financial Security Institute certified it at the highest grade, a hacker got in. Wouldn't the card company have believed its security was solid?" adding, "A public apology should come first." Yoon Han-hong, chairperson of the National Policy Committee, also said, "We need to examine whether the government truly bears no responsibility for such hacking incidents and whether there are parts of the government's measures that need correction."
Lotte Card and MBK Partners pledged to do their utmost to manage the fallout. Cho Joa-jin, chief executive of Lotte Card, said, "As early as this week, or by the middle of next week at the latest, we will wrap up the preparation stage to reduce the possibility of fraudulent transactions."
He said, "Of the 2.97 million people whose personal credit information was leaked, 2.14 million had encrypted information leaked, making fraudulent transactions impossible, and in the case of 540,000 people, only the alternative number for the resident registration number was leaked, so there is likewise no possibility of fraudulent transactions," adding, "For the remaining 280,000 people, sensitive information such as card number, PIN, expiration date, and CVC was leaked."
He explained, "You cannot make a physical (offline) card, and online you have to go through one more identity verification, so the possibility of fraudulent transactions such as payments or withdrawals at ATMs is low," adding, "Of the 280,000 customers whose sensitive information was leaked, 184,000, or 66%, have reissued their cards or changed their PINs, so the risk has been blocked."
He added, "There is a possibility of fraudulent transactions through key-in payments (a method of entering card information directly into the terminal), which are used in part overseas," and "For this reason, we are encouraging card reissuance via text messages and other means. We plan to fully compensate for secondary damage caused by the hacking."
Yoon Jong-ha, vice chairperson of MBK Partners, said, "We thought we had invested sufficiently in information security, but since the incident occurred, we believe it was insufficient," adding, "We will strengthen security and discuss protective measures for victims with management."