Lotte Card Co., the country's fifth-largest card issuer, said on Thursday that personal data of some 3 million customers has been leaked in a hacking incident last month, but there has yet to be any report of improper use.
Lotte Card said the leaked data, estimated at 200 gigabytes, included identification numbers, internal identification numbers and connecting information.
The leaked data also included card verification codes, card numbers and card validity period of some 280,000 customers, critical information that may expose their owners to credit card fraud, according to the company, reports Yonhap news agency.
Lotte Card CEO Cho Jwa-jin issued a public apology and announced response measures, including full compensation for any reported damage caused by improper use of stolen data.
"Leaked data was created in the online settlement process via online servers between July 22 and August 27," Cho said.
The CEO stressed that leaked data cannot be improperly used for offline settlements. "Additional identification processes are necessary for online settlements, so improper card uses are difficult with only breached data."
Earlier this month, Lotte Card, with some 9.6 million members, disclosed a cyber breach. Since then, the financial watchdog and the card company have been struggling to gauge the damage caused by the hacking.
Lotte Card's data breach is the latest in a series of massive cyber breach cases in the financial sector. Earlier, Seoul Guarantee Insurance had suffered a similar hacking incident.
Lotte Card's cybersecurity lapse also came as Financial Supervisory Service Gov. Lee Chan-jin has been calling on financial firms to beef up their cybersecurity and better safeguard customers.
Meanwhile, the science ministry here has launched an official probe into a purported attempt to sell personal data allegedly leaked from South Korea's top mobile carrier SK Telecom Co.
The move came after a global hacking group, Scattered Lapsus$, posted on its Telegram channel that it would sell SK Telecom's client data for US$10,000, adding that 42 South Koreans had already made contact.
The government also recently launched a probe against No. 2 mobile carrier KT Corp., which reported a total of 278 cases of unauthorized mobile payments worth 170 million won ($122,000), raising concerns over a possible leak of customer data.
(With inputs from IANS)
