**”Initial Incident on August 14, External File Transfer Occurred Twice”**
It has been revealed that Lotte Card was unaware of a hacking incident it had experienced for 17 days.
According to data reported by the Financial Supervisory Service to the office of Representative Kang Min-guk of the National Assembly’s Political Affairs Committee on the 2nd, the initial hacking incident at Lotte Card occurred on August 14th at approximately 7:21 PM. Online payment server hacking also took place on the 15th, and it has been determined that there were two instances of internal files being transferred externally. The hacker attempted another hacking on the 16th but failed to transfer any files.
However, Lotte Card did not detect the hacking incident until around noon on August 31st, meaning it took more than two weeks to become aware of the situation.
Lotte Card reported that the size of the leaked data is estimated to be around 1.7 gigabytes (GB). The Financial Supervisory Service stated, “Based on the files that failed to be transferred, it is presumed that the data included online payment request details such as card information,” suggesting the possibility of customer information leakage.
Lotte Card reported to the Financial Supervisory Service that they will “install additional antivirus software, conduct malware diagnoses, and inform potentially affected customers to change their card passwords.”
Representative Kang Min-guk stated, “Up to June this year, there have already been four hacking incidents with 3,142 pieces of information leaked. Once personal information is leaked, it often leads to large-scale financial crimes involving secondary and tertiary offenses,” and emphasized the urgent need for the financial authorities to tighten their regulatory measures on hacking incidents.