A massive customer data leak at Lotte Card (now owned by private equity firm MBK Partners since 2019, despite retaining the 'Lotte' brand) has exposed significant personal information of customers. The breach triggered widespread consumer anger, with many mistakenly blaming Lotte Group the former parent company due to persistent brand association. The incident caused substantial reputational damage to Lotte Group, which clarified it holds no managerial control (only a 20% non-participatory stake) and receives no royalties for brand use. The leak reignited debates over Korean corporate practices where companies retain legacy names post-acquisition, leading to misplaced accountability. While no ransomware was involved, the breach involved large-scale customer data exposure, intensifying public distrust and financial risks for the independent entity under MBK Partners.
TPRM report: https://www.rankiteo.com/company/lotte-card
"id": "lot4433344100625",
"linkid": "lotte-card",
"type": "Breach",
"date": "6/2019",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Finance',
'location': 'South Korea',
'name': 'Lotte Card',
'type': 'Financial Services (Credit Card Company)'},
{'industry': 'Diversified (Retail, Finance, '
'Construction, etc.)',
'location': 'South Korea',
'name': 'Lotte Group',
'type': 'Conglomerate'}],
'data_breach': {'data_exfiltration': True},
'date_publicly_disclosed': '2023-09',
'description': 'A massive customer data leak at Lotte Card, which is no '
'longer part of the Lotte Group (sold to MBK Partners in '
'2019), has sparked reputational concerns and public confusion '
"due to its continued use of the 'Lotte' brand name. The "
'breach has led to consumer anger directed at Lotte Group, '
'despite the card company operating independently under '
'private equity ownership. The incident highlights broader '
'corporate practices in South Korea where companies retain '
'well-known brand names post-acquisition to preserve market '
'trust and recognition.',
'impact': {'brand_reputation_impact': ['Reputational damage to Lotte Group '
'(despite no involvement)',
"Public confusion over Lotte Card's "
'ownership',
'Consumer anger misdirected at Lotte '
'Group'],
'customer_complaints': True,
'data_compromised': True},
'lessons_learned': ['Risks of retaining legacy brand names post-acquisition, '
'including misplaced public blame during incidents',
'Importance of clear communication about corporate '
'ownership structures to avoid reputational spillover',
'Cultural and market-driven reasons for preserving brand '
'names in South Korea, despite ownership changes'],
'post_incident_analysis': {'root_causes': ['Data security vulnerabilities at '
'Lotte Card (specifics '
'undisclosed)',
'Public perception gap due to '
"retained 'Lotte' brand name "
'post-acquisition']},
'recommendations': ['Enhance transparency about corporate ownership to '
'prevent public confusion during crises',
'Consider phased rebranding strategies for acquired '
'companies to mitigate long-term reputational risks',
'Implement proactive communication plans to clarify brand '
'affiliations in high-trust industries like finance'],
'references': [{'date_accessed': '2023-10-06', 'source': 'Korea Bizwire'}],
'response': {'communication_strategy': ['Lotte Group issued clarifications '
"about Lotte Card's independent "
'operation',
'Public statements to mitigate '
'reputational damage']},
'stakeholder_advisories': ['Lotte Group clarified its non-involvement in '
"Lotte Card's operations and the data breach",
"Emphasized that Lotte Shopping's 20% stake is for "
'cooperation, not management'],
'title': 'Massive Customer Data Leak at Lotte Card',
'type': 'Data Breach'}