(Lee Seung-hwan)

<이미지를 클릭하시면 크게 보실 수 있습니다>

Lotte Card Co. said Thursday that a record data breach compromised the personal information of 2.97 million customers, or about a third of its total 9.6 million cardholders.

The company said 280,000 of them were the most severely affected with the exposure of unencrypted data including card numbers, passwords, expiration dates, CVC codes, resident registration numbers, dates of birth, and phone numbers.

At a press conference in central Seoul, Chief Executive Officer Cho Jwa-jin said the intrusion was detected last month. “Traces of external hacking were found on our online payment server on August 26th, and evidence confirmed that 200 gigabytes of data was taken,” Cho said. The stolen volume was more than 20 times greater than the 9.82 GB leaked in a recent SK telecom Co. breach and more than 100 times larger than the 1.7 GB Lotte Card initially disclosed.

The scale of the theft and the sensitivity of the information have fueled growing concern among customers. Lotte Card acknowledged that 280,000 people face potential risk of online fraudulent transactions because the stolen data could be used for unauthorized payments.

Another 470,000 customers had their encrypted card numbers and national identification numbers, along with personal and payment information, compromised. Data from 2.22 million additional customers was also stolen, mainly encrypted card numbers and online payment details. Regulators and the company said these groups are less exposed because most of the information was encrypted and some key elements needed for transactions were missing.

Lotte Card began notifying the most affected 280,000 customers on Wednesday via text messages and phone calls, urging them to reissue their cards and change their passwords. For other customers, card replacement is not deemed necessary although the company said it would cooperate if cardholders request it. No financial losses have been confirmed so far.

Cho said the company would take full responsibility, promising to compensate customers for any losses resulting from the breach.

At a senior aides’ meeting on the same day, President Lee Jae-myung described the incident as a wake-up call and urged the government to move quickly on comprehensive cybersecurity measures alongside corporate accountability.