Home > Business > Industry

Watchdog orders Lotte Card to compensate victims of hack

Published: 02 Sep. 2025, 19:15

Lotte Card headquarters in Jung District, central Seoul [YONHAP]

Financial regulators have ordered Lotte Card to set up a dedicated call center for victims of a recent hacking incident and to prepare procedures for full compensation in cases of any fraudulent card use. The order comes after a cyber breach was reported at the company with 9.65 million individual customers.

The Financial Supervisory Service (FSS) said Tuesday that Gov. Lee Chan-jin had instructed executives during a morning meeting to implement consumer protection measures in response to the breach. The aim is to reduce harm and reassure customers while the agency investigates whether any personal information was leaked.

The FSS first activated its emergency response system. The agency received a report from Lotte Card about the incident on Tuesday and launched an on-site investigation with the Financial Security Institute on Tuesday.

The regulator also directed Lotte Card to strengthen the monitoring of suspicious transactions and prepare procedures to fully reimburse customers in cases of unauthorized use. Under Korea’s Specialized Credit Finance Business Act, card companies are liable for damage caused by hacking unless the customer is found to have acted with grave negligence or intent.

Customers must also be able to easily cancel or reissue their cards if they wish to prevent further harm. Lotte Card was ordered to provide a dedicated notice on its website to guide them through the process.

Industry officials said the FSS’s swift inspection and strict demands reflect concerns over Lotte Card’s poor response and inadequate security management. According to Rep. Kang Min-kuk of the People Power Party, the initial breach occurred at around 7:21 p.m. on Aug. 14. Over the following two days, approximately 1.7GB of data were leaked. A third hacking attempt on Aug. 16 failed to extract any files.

However, Lotte Card did not detect the breach until Sunday — 17 days after the initial incident. The company said it has not yet confirmed any leak of sensitive personal information or any ransomware infections.

As of last month, Lotte Card had 9.645 million individual users, excluding corporate clients, according to the Credit Finance Association of Korea. The company’s market share stood at 10.1 percent last year based on credit sales.

This article was originally written in Korean and translated by a bilingual reporter with the help of generative AI tools. It was then edited by a native English-speaking editor. All AI-assisted translations are reviewed and refined by our newsroom.
BY YEOM JI-HYEON [[email protected]]