0
Lotte Card CEO Cho Jwa-jin (first from right) bows in apology alongside company executives during a press conference on the massive hacking incident at the Booyoung Taepyung Building convention hall in Jung District, Seoul, on September 18. / Source: Park Sung-il

Credit card issuer Lotte Card said Thursday that personal data from 2.97 million customers had been leaked in a massive hacking incident, promising to fully compensate for any damages.

Company CEO Cho Jwa-jin apologized at a press briefing in Seoul, saying, “As CEO, I feel boundless responsibility for causing grave concern and inconvenience to our customers. We will minimize disruption and ensure zero losses.”

The breach, which affected roughly one in three Lotte Card users, involved data collected through the firm’s online payment servers between July 22 and August 27. Leaked information included resident registration numbers, connecting information (CI), virtual payment codes, internal identifiers, and details of simple payment services. The company stressed that names were not leaked and CI data alone cannot reveal a full resident number.

So far, no fraudulent transactions have been detected, but Lotte Card identified 280,000 customers at risk. It has begun sending notifications to all affected customers and is advising at-risk users to reissue cards. Additional measures include in-app functions for card reissuance, blocking overseas transactions, and password resets, as well as expanded fraud detection monitoring and a 24-hour emergency call center.

The company also pledged broader compensation, offering all affected customers 10-month, no-interest installment plans through year’s end. Lotte Card will invest 110 billion won over the next five years in information security, raising its IT security budget to 15% of total spending, the highest in the industry.

Cho, whose third term as CEO ends in March, said the company will complete a personnel overhaul by year-end. Asked whether this included his resignation, he replied, “Personnel reforms will be carried out to the extent that the market can accept, and that includes the possibility of stepping down.”

Meanwhile, regulators signaled tough penalties. Kwon Dae-young, vice chairman of the Financial Services Commission, convened an emergency meeting and stressed that financial security is critical. “Even small lapses in information protection can trigger massive consumer harm and undermine confidence in finance. Protecting consumers from such damage must be the top priority,” he said.