Lotte Card Hacked Immediately After FSS Chief Orders 'Consumer Protection'... Emergency System Activated in Digital and Small Finance Divisions
Small Finance Inspection Bureau 3 and IT Inspection Bureau Conduct On-Site Inspection at Lotte Card
Small Finance and IT Supervision and Inspection Bureaus Expected to Join 'Emergency Response System'
Key Issue: Will Inspection Reveal Financial Losses or Personal Data Breach?
Industry: "This Is Not Just Lotte Card's Problem... A Warning to the Entire Financial Sector"
The Financial Supervisory Service and the Financial Security Institute are currently conducting on-site inspections in connection with the Lotte Card hacking incident. The Financial Supervisory Service has activated an emergency response system led by the Digital and Information Technology Division and the Small Finance Division, including their supervisory and inspection departments, to ensure thorough internal control over external hacking attempts. If the inspection reveals any financial losses, or if new facts such as the leakage of consumer payment information or personal data are discovered, full compensation and strong sanctions may be imposed, causing heightened tension throughout the financial sector.
Lee Chanjin, Governor of the Financial Supervisory Service, is delivering opening remarks at the "Financial Supervisory Service Governor - Insurance Company CEO Meeting" held at the Life Insurance Education and Culture Center in Jongno-gu, Seoul on September 1, 2025. Photo by Kang Jinhyung
View original imageOn September 2, Lee Chanjin, Governor of the Financial Supervisory Service, stated during an executive meeting attended by 15 headquarters executives (including the governor, vice governors, and assistant vice governors), "We will thoroughly examine the cause of the incident and the scale of the damage through on-site inspections," and instructed, "Activate the emergency response system within the Financial Supervisory Service and respond in a coordinated manner."
Five employees from the Small Finance Inspection Bureau 3 and the IT Inspection Bureau of the Financial Supervisory Service have been deployed for the on-site inspection. Including staff from the Financial Security Institute, approximately 10 people are currently conducting the investigation on-site.
There is keen interest in whether the on-site inspection by the Financial Supervisory Service will newly uncover any financial losses or instances of consumer payment or personal information leakage. According to Lotte Card, no financial losses or personal data breaches have been confirmed. Lotte Card stated, "During a server inspection on August 26, we discovered a malware infection. As a result of our investigation, we found two types of malware and five types of web shells on three servers, but they were immediately deleted." As of 12:00 p.m. on August 31, only traces of attacks on the online payment server by external attackers had been found, with no evidence of financial losses or personal information leakage.
If financial losses occur due to hacking or fraudulent card use, Lotte Card is required to fully compensate the damages in accordance with the Specialized Credit Finance Business Act and relevant terms and conditions. The situation becomes particularly serious if a personal data breach is detected. According to Lotte Card and the broader credit finance industry, if a personal data breach is confirmed, the company must immediately notify the affected customers and establish a system to coordinate the details of the breach, reporting to both the financial supervisory authorities and the Personal Information Protection Commission. According to Article 42 of the amended Credit Information Act, which was revised in November of last year, a fine of up to 3 percent of total sales can be imposed.
In the political arena, there has been criticism that Lotte Card may have delayed reporting the attempted internal file leak despite being aware of it, or that the Financial Supervisory Service was slow to detect the incident due to lack of capability. The office of Kang Minkook, a member of the National Assembly's Political Affairs Committee from the opposition party, issued a press release claiming that while Lotte Card reported the incident to the Financial Supervisory Service at 12:00 p.m. on August 31, the actual internal file leak resulting from the hacking occurred at 7:21 p.m. on August 14. The statement also alleged that there were external leak attempts within Lotte Card over three days from August 14 to 16, with two successful leaks.
The Financial Supervisory Service reported to the assemblyman's office, "We are still identifying the specific information contained in the leaked files, but based on the files that failed to be exported, it appears that 'card information and online payment request details' may have been included." Lotte Card also informed the Financial Supervisory Service that, as a future measure regarding the internal file leak, "After confirming which customers' information may have been leaked, we plan to notify those customers and advise them to change their card passwords." This suggests that customer information may have been included in the leaked internal files.
Separate from the results of the on-site inspection, attention is also focused on the news that the Financial Supervisory Service is forming an internal emergency response system. According to multiple officials from the Financial Supervisory Service, the emergency response organization may include not only the Small Finance Inspection Bureau 3 and the IT Inspection Bureau involved in the on-site inspection, but also the Small Finance Supervision Bureau and the Digital Finance General Bureau. The specific number of staff from each bureau to be included has not yet been determined.
An official from the Financial Supervisory Service stated, "We expect that not only the inspection bureaus involved in the on-site inspection but also the relevant supervisory bureaus from the headquarters will be included."
Meanwhile, after learning about the on-site inspection of Lotte Card and the directives from the Financial Supervisory Service's executive meeting, the financial sector interprets this as a warning from the Financial Supervisory Service to strengthen internal controls not only for Lotte Card and the credit finance industry, but across the entire financial sector.
During the executive meeting, Governor Lee emphasized, "Under the responsibility of the CEO of each financial company, thoroughly re-examine your own financial security management system from the perspective of consumer protection," and added, "Strict sanctions will be imposed for financial security incidents resulting from negligence in management."
Hot Picks Today
"Stocks Are Not Taxed, but Annual Crypto Gains Over 2.5 Million Won to Be Taxed Next Year... Investors Push Back"
- "Don't Throw Away Coffee Grounds" Transformed into 'High-Grade Fuel' in Just 90 Seconds [Reading Science]
- With General Strike Looming, Labor Minister Steps In... Samsung Electronics Labor-Management Talks Resume (Update)
- "Groups of 5 or More Now Restricted"... Unrelenting Running Craze Leaves Citizens and Police Exhausted
- "Even With a 90 Million Won Salary and Bonuses, It Doesn’t Feel Like Much"... A Latecomer Rookie Who Beat 70 to 1 Odds [Scientists Are Disappearing] ③
An official from the credit finance industry stated, "We see this not just as a simple regulation of a single financial incident at Lotte Card, but as a warning message to the entire financial sector," and added, "While Governor Lee is emphasizing 'consumer protection' as the top priority across the financial sector, security incidents continue to occur at financial companies. We are therefore strengthening monitoring and closely watching the supervisory authorities' policies."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
