my timesThe Korea Times
  1. Business
  2. Banking & Finance

MBK's alleged cut to Lotte Card cybersecurity spending raises eyebrows after data theft

Listen
By Lee Kyung-min
  • Published KST
  • Updated KST
Lotte Card headquarters in Seoul / Yonhap

Lotte Card headquarters in Seoul / Yonhap

MBK Partners, the majority shareholder of Lotte Card, cut intangible investments in the card issuer, including cybersecurity spending, fueling criticism that the private equity fund prioritized profitability over cybersecurity while exposing millions of customers’ personal information and undermining its brand reputation, market watchers said Friday.

The criticism comes amid pan-government investigations into the massive data breach at Lotte Card and unauthorized transactions at KT, a telecommunications firm.

Financial regulators are raising concerns that the private equity firm may have deliberately curtailed IT and security investments in the Lotte subsidiary after acquiring it in 2019, in a move to boost margins ahead of a future sale.

According to Financial Supervisory Service (FSS) data, investment in Lotte Card’s intangible assets — including software, digital infrastructure and IT system maintenance — dropped to 140.5 billion won ($100 million) in the first half of this year, down from 217.3 billion won in 2019.

This is in contrast with Shinhan Card, Hyundai Card and KB Kookmin Card, which all increased spending in that area by as much as 40 billion won during the same period.

The Lotte Card sustainability report also showed that its IT security spending fell to 8 percent of total expenses in 2023, down from 12 percent in 2021.

FSS Gov. Lee Chan-jin said recently during a meeting with card firm CEOs that the corporate practice of prioritizing short-term gains at the expense of long-term infrastructure must be reconsidered.

“Investment in consumer data protection is not optional,” Lee said during the meeting. “It goes to the foundation and sustainability of financial business.”

MBK Partners holds the majority stake in Lotte Card, with Lotte Shopping’s stake limited to 20 percent, without managerial control powers.

Lotte Card said Thursday that the personal data of nearly 3 million customers, or about a third of its user base, had been compromised in a hacking.

Lotte Card CEO Cho Jwa-jin offered to resign, taking full responsibility and promising prompt reform measures, including enhanced cybersecurity maintenance.

MBK said its cybersecurity spending increased to 12.8 billion won this year, up from 7.14 billion won in 2019.