my timesThe Korea Times

Lotte Card data breach puts spotlight on low cybersecurity investment

Listen
Lotte Card CEO Cho Jwa-jinanswers questions from lawmakers during a National Assembly hearing in Seoul, Wednesday, on large-scale cybersecurity incidents in the telecommunications and financial sectors. Yonhap

Lotte Card CEO Cho Jwa-jin
answers questions from lawmakers during a National Assembly hearing in Seoul, Wednesday, on large-scale cybersecurity incidents in the telecommunications and financial sectors. Yonhap

Concerns over cybersecurity have spread across the credit card industry following a recent data breach incident at Lotte Card, which exposed the personal information of 2.97 million customers, industry officials and politicians said Thursday.

Consumer anxiety has intensified as major card issuers, despite highlighting increases in information technology (IT) staffing and budgets, allocated only around 10 percent of those resources to information security.

Citing data from the Financial Supervisory Service (FSS), Rep. Kang Min-kuk of the main opposition People Power Party (PPP) said that the combined IT budgets of eight major domestic card companies totaled 5.56 trillion won ($3.97 billion) between 2020 and 2025. Of this, only 556.2 billion won, or about 10 percent, was spent on cybersecurity.

Rep. Kim Sang-hoon of the PPP, also citing FSS data, noted that Lotte Card recorded the lowest ratio of information security spending to total annual budget this year at 0.3 percent.

Other issuers, including Shinhan, Samsung, BC and Hyundai, allocated about 1 percent of their budgets to cybersecurity. KB Kookmin had the highest share at 4.5 percent, followed by Woori at 3.6 percent.

Customers are seen at a service center set up at Lotte Card’s headquarters in Seoul, Sept. 19, following a cybersecurity incident that exposed customers’ personal information. Yonhap

Customers are seen at a service center set up at Lotte Card’s headquarters in Seoul, Sept. 19, following a cybersecurity incident that exposed customers’ personal information. Yonhap

Meanwhile, as of June, employees dedicated to information security made up an average of 11.28 percent of the total IT workforce at the eight card issuers.

Notably, Lotte Card, despite being criticized for the massive data breach, ranked near the top in this category. Samsung Card had the highest ratio at 15.6 percent, followed closely by Lotte Card at 15.5 percent, while Hana Card had the lowest at 7.3 percent.

“Although security investments have remained at nearly the same level each year, there has consistently been a shortage of specialized personnel,” a credit card industry official said. “Without a proper system in place, it is unreasonable to place the entire burden on card companies.”

Amid public backlash over the Lotte Card data breach, the government signaled plans to impose tougher penalties on companies that fail to protect their customers from cyberattacks.

PPP Rep. Yoon Han-hong argued, “We need to examine whether the government bears any responsibility for these incidents and whether its response measures need to be improved.”