25.09.18.Today News : Lotte Card Hacked: 2.97M Users’ Data Leaked

Lotte Card Hacked: 2.97M Users’ Data Leaked, 280,000 Exposed to CVC Breach

📍CEO Cho Jwa-jin apologizes, vows full compensation… Regulators warn of toughest penalties

In Korea’s worst credit card data breach, 2.97 million Lotte Card customers had their personal information leaked. Among them, 280,000 lost full card details including CVC, enabling potential fraudulent overseas payments. Lotte Card’s CEO publicly apologized and pledged full compensation, while regulators announced strict sanctions.

Lotte Card suffered the worst-ever hacking incident involving a credit card company, with the personal information of 2.97 million customers leaked.

---

■ Largest-Ever Data Breach in Korean Card Industry
Lotte Card confirmed that 2.97 million customers — about 30% of its total users — had their data compromised in a massive hacking attack. Hackers stole approximately 200GB of data from online payment servers, a volume more than 20 times larger than the SK Telecom breach.

■ 280,000 Customers Face Severe Risk
Of the total victims, 280,000 had highly sensitive details exposed, including card numbers, partial passwords, expiration dates, CVC codes, and even resident registration numbers. These details make fraudulent “key-in” transactions and overseas online purchases possible, raising serious concerns over secondary financial fraud.

■ Delayed Response and Cover-Up Allegations
The hacking infiltration began on July 12, with data exfiltration occurring between July 14 and 27. Yet Lotte Card only discovered the breach on August 26 and reported it to regulators on September 1. Customers were not informed until September 17 — over a month after the attack. Initially, the company claimed that no customer data had been leaked, but later reversed its position, triggering public criticism of a cover-up.

■ CEO Cho Jwa-jin’s Press Conference
On September 18, CEO Cho Jwa-jin held a press conference in Seoul to issue a public apology.
“Evidence shows that 200GB of data was leaked, and sensitive customer information was confirmed to have been exposed,” he admitted.
“I deeply apologize for the anxiety and inconvenience caused. Lotte Card will take full responsibility and provide complete compensation for all damages.”

He also explained the delay in detection, saying:
“The hacker used sophisticated methods that closely resembled normal system operations, making early detection extremely difficult. It took time to decrypt the data and identify affected customers.”

■ Support Measures for Victims
For the 280,000 most severely impacted, Lotte Card will reissue cards, encourage password changes, and waive annual fees. Additionally, all affected users will receive benefits including interest-free installment plans, real-time fraud alerts, and free access to the “Credit Care” compensation program.

■ Regulators to Impose Harsh Sanctions
The Financial Services Commission and Financial Supervisory Service warned of the strongest disciplinary measures, criticizing Lotte Card’s poor security management. Regulators are preparing to introduce punitive fines and enforcement charges for financial firms that neglect cybersecurity standards.

President Lee Jae-myung also addressed the issue, calling for systemic reforms:
“While corporate accountability is necessary, the government must urgently establish comprehensive countermeasures against hacking crimes.”

One-line summary : Lotte Card leaked data of 2.97 million users, including full card details of 280,000; the CEO apologized and vowed full compensation as regulators promised the toughest sanctions.