Breach cyber

Lotte Card Co.

Sep 1, 2025 2 min read
Lotte Card Co.

Lotte Card Co., South Korea’s fifth-largest credit card issuer, suffered a **massive cybersecurity breach** resulting in the **leak of personal data belonging to approximately 3 million customers**. The incident, disclosed in September 2025, is part of a growing trend of high-profile cyberattacks targeting the financial sector in the country. The breach exposed sensitive customer information, raising concerns over identity theft, financial fraud, and reputational damage to the company. The Financial Supervisory Service (FSS), South Korea’s financial regulator, responded by pledging **stern measures**, including the **highest-ever penalty** if serious violations are confirmed. The incident has prompted regulatory calls for **strengthened IT infrastructure investments** across financial institutions to prevent future breaches and protect consumer data. The case underscores vulnerabilities in the financial sector’s cybersecurity defenses, particularly against **sophisticated hacking operations** aimed at exploiting customer databases. The breach follows a similar attack on **Seoul Guarantee Insurance**, reinforcing fears of systemic risks in the industry. While the exact method of the attack (e.g., phishing, malware, or insider threat) was not specified, the scale and nature of the data leak suggest a **targeted cyberattack** with severe implications for customer trust and regulatory compliance.

Source: https://en.yna.co.kr/view/AEN20251021005400320

TPRM report: https://www.rankiteo.com/company/lotte-card

"id": "lot5562355102125",
"linkid": "lotte-card",
"type": "Breach",
"date": "9/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '3,000,000',
                        'industry': 'financial sector',
                        'location': 'South Korea',
                        'name': 'Lotte Card Co.',
                        'size': 'fifth-largest card issuer in South Korea',
                        'type': 'financial services (credit card issuer)'}],
 'data_breach': {'data_exfiltration': 'yes',
                 'number_of_records_exposed': '3,000,000',
                 'personally_identifiable_information': 'yes',
                 'sensitivity_of_data': 'high (personal data)',
                 'type_of_data_compromised': 'personal data'},
 'date_publicly_disclosed': '2025-09',
 'description': "Lotte Card Co., South Korea's fifth-largest card issuer, "
                'disclosed a hacking incident in September 2025 that resulted '
                'in the leakage of personal data belonging to approximately 3 '
                'million customers. The breach is part of a series of cyber '
                'incidents in the financial sector, prompting regulatory '
                'scrutiny and calls for stricter data protection laws. The '
                'Financial Supervisory Service (FSS) announced plans to draft '
                'a bill mandating heavier IT investments by financial firms to '
                'prevent such breaches and protect consumer data. The FSS also '
                "warned of the 'highest-ever penalty' for Lotte Card if "
                'serious violations are found.',
 'impact': {'brand_reputation_impact': 'high (regulatory scrutiny, potential '
                                       'highest-ever penalty)',
            'data_compromised': ['personal data'],
            'identity_theft_risk': 'likely (personal data of 3 million '
                                   'customers exposed)',
            'legal_liabilities': 'pending (FSS investigation for rule '
                                 'violations)'},
 'investigation_status': "ongoing (FSS investigation into Lotte Card's rule "
                         'violations)',
 'recommendations': ['Financial companies urged to invest heavily in IT '
                     'systems to block cybersecurity breaches (per proposed '
                     'FSS bill).',
                     'Virtual asset exchanges called to improve consumer data '
                     'protection (per proposed FSS bill).'],
 'references': [{'date_accessed': '2025-10-21',
                 'source': 'Yonhap News Agency'}],
 'regulatory_compliance': {'fines_imposed': "pending (potential 'highest-ever "
                                            "penalty' by FSS)",
                           'legal_actions': 'pending (FSS investigation)',
                           'regulatory_notifications': 'Financial Supervisory '
                                                       'Service (FSS) '
                                                       'involved; bill for '
                                                       'financial consumer '
                                                       'data protection in '
                                                       'draft stage'},
 'response': {'communication_strategy': 'public disclosure (via media '
                                        'reports)'},
 'stakeholder_advisories': 'Financial Supervisory Service (FSS) governor Lee '
                           'Chan-jin announced regulatory measures during '
                           'parliamentary inspection on 2025-10-21.',
 'title': 'Lotte Card Data Breach Affecting 3 Million Customers',
 'type': ['data breach', 'hacking']}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.