Lotte Card Implements Protective Measures for 79% of At-Risk Customers... "24-Hour Consultation During Holidays"

On October 2, Lotte Card announced that it had completed card reissuance and password change measures for 220,000 customers (79%) out of the 280,000 customers who were at risk of fraudulent use through KEY IN transactions following a hacking incident in August.

In August, a hacking incident at Lotte Card resulted in the leakage of personal information belonging to 2.97 million customers. The total volume of leaked data was approximately 200GB. Among these, 280,000 customers had critical payment information exposed, including card numbers, two digits of their passwords, and card security codes (CVC).

Jo Jwa-jin, CEO of Lotte Card (right), attended the "Lotte Card Personal Information Leakage Incident, Victim Protection Measures and Recurrence Prevention Countermeasures Meeting" hosted by the People Power Party at the National Assembly on the 23rd of last month. Photo by Kim Hyun-min

원본보기 아이콘

From September 1 through the previous day, Lotte Card implemented customer protection measures for about 220,000 customers-representing 79% of the 280,000 affected-such as card reissuance applications, password changes, card suspension, and cancellation. The number of card reissuance applications from these customers was about 210,000, and approximately 200,000 cases, or 95%, have been completed.

Lotte Card is prioritizing protective measures for these 280,000 customers. The company has strengthened monitoring through its Fraud Detection System (FDS), requiring identity verification for all overseas online payments at foreign merchants. For domestic merchants capable of KEY IN transactions, approval is also only granted after identity verification.

For customers among the 280,000 who have not yet had protective measures applied after the Chuseok holiday, Lotte Card will switch their cards to a system that automatically declines all non-face-to-face online payments. This is to fundamentally block the possibility of fraudulent transactions. The company also plans to continue sending additional notification texts and making phone calls to these customers to ensure prompt card reissuance.

For the entire group of 2.97 million customers whose personal information was leaked, protection measures such as card reissuance applications, password changes, card suspension, and cancellation have been implemented for 1.42 million customers, or 48%. However, for the remaining 2.69 million customers-excluding the 280,000 at high risk-Lotte Card explained that the leaked information alone does not pose a risk of card misuse, so separate card reissuance is not necessary. Lotte Card also clarified that customers outside the 2.97 million affected were not subject to any data breach.

From September 1 through the previous day, the total number of card reissuance applications at Lotte Card was about 1.16 million. Of these, approximately 880,000 cases, or 76%, have been completed. The company expects to complete the remaining reissuances in sequence by the weekend following the end of the Chuseok holiday.

Lotte Card will continue to operate its dedicated cyber incident consultation center (1588-8100) 24 hours a day, even during the holiday period.

A Lotte Card representative stated, "Lotte Card will take full responsibility and compensate for the entire amount of damages caused by this incident," adding, "In cases where a connection to the data breach is confirmed, Lotte Card will also provide full compensation for any secondary damages resulting from the leakage of customer information."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.