(Yonhap)

<이미지를 클릭하시면 크게 보실 수 있습니다>

Concerns are being raised that MBK Partners Ltd., the largest shareholder of Lotte Card Co., neglected investment in cybersecurity, which may have contributed to the recent data breach.

Critics suggest that MBK prioritized maximizing profitability for a future sale while cutting essential cybersecurity-related expenditures.

The leak of personal information from millions of customers has also sparked worries about a potential decline in trust toward the Lotte brand, which is shared by Lotte Group.

According to the Financial Supervisory Service’s electronic disclosure system on Thursday, Lotte Card’s intangible assets dropped from 217.3 billion won ($156.6 million) in 2019 – when MBK Partners acquired the company – to 140.5 billion won in the first half of this year.

Intangible assets include non-physical assets such as trademarks, patents, intellectual property, and investments in IT hardware and software.

In the same period, competitors increased their tangible assets – Shinhan Card Co. by 40 billion won, Hyundai Card Co. by 25 billion won, and KB Kookmin Card Co. by 40 billion won.

Meanwhile, the proportion of Lotte Card’s overall IT budget allocated to information security also fell from 12 percent in 2021 to 8 percent in 2023, according to Lotte Card’s sustainability report.

Although still above the industry standard of 7 percent, this drop has been interpreted as a sign of declining investment in cybersecurity compared to previous years.

“The decrease in both intangible assets and the proportion of IT investment allocated to security suggests that cybersecurity spending was likely not increased,” said an industry insider.

MBK Partners noted that “We have invested about 150 billion won in IT over the past five years, and half of that went toward cybersecurity. As a private equity fund, we are focused on enhancing corporate value and cannot afford to neglect security investments.”

Regulators have also expressed concern.

Lee Chan-jin, governor of the FSS, recently told credit card company CEOs that incidents like hacking “should serve as a moment of reflection on whether an excessive focus on short-term performance has come at the cost of long-term investments.”

There are growing concerns that the incident may damage the Lotte brand’s image, as consumers associate Lotte Card with the broader Lotte Group.

While the actual majority shareholder is BMK Partners, Lotte Shopping holds only a 20 percent minority stake and is not directly involved in management.

Consumers, however, may perceive Lotte Card as a Lotte affiliate, potentially affecting trust in other Lotte businesses such as Lotte Department Store, Lotte Mart, and Lotte World, insiders noted.

The planned sale of Lotte Card is also expected to face delays.

Private equity firms typically aim to exit investments within three years, but Lotte Card has failed to attract buyer interest in the M&A market.

The recent data breach is likely to further lower its valuation as an acquisition target.

In 2019, MBK Partners and Woori Bank formed a consortium to acquire Lotte Card for 1.38 trillion won.