Lotte Card CEO Jo Jwajin Vows Personnel Reform by Year-End After Hacking Incident... "Resignation Included" (Comprehensive)

Jo Jwajin, CEO of Lotte Card, stated on the 18th that, in connection with the hacking incident that resulted in the leakage of customer information for 2.97 million out of 9.6 million members, "By the end of the year, we will implement a level of personnel reform that the market will find acceptable, including the possible resignation of myself and the executive team."

Jo Jwa Jin, CEO of Lotte Card, is issuing an apology statement on the 18th at Booyoung Taepyeong Building in Jung-gu, Seoul, regarding the customer information leak caused by a hacking incident. Photo by Moon Chaeseok

At a press conference held that afternoon at Booyoung Taepyeong Building in Jung-gu, Seoul, CEO Jo said, "I sincerely apologize for causing concern to our customers and relevant organizations."

On this day, Lotte Card explained that the leaked member information consisted of data generated and collected during online payment processes, including connected information (CI), resident registration numbers, virtual payment codes, internal identification numbers, and types of simple payment services. The total number of affected customers was confirmed to be 2.97 million. Among them, about 280,000 customers are at risk of having their cards used fraudulently.

CEO Jo stated, "There are 280,000 customers whose card information could potentially be used fraudulently due to the leaked data," and explained, "The scope of the leaked information includes card numbers, expiration dates, and CVC (card verification codes)." He further noted that these 280,000 customers are at risk of fraudulent use when making 'key-in' transactions, where card information is entered directly into a terminal.

He added, "These customers registered their card information for new pay services or commerce sites between July 22 and August 27," and emphasized, "We will prioritize the reissuance of cards for these customers."

CEO Jo explained, "For the remaining 2.69 million customers, only certain items were partially leaked," and clarified, "There is no risk of fraudulent card use with only that information." He continued, "The information leak was limited to the online payment server and is unrelated to offline payments," adding, "No customer names were leaked."

Jo Jwajin, CEO of Lotte Card (fifth from the left), and other officials are apologizing to customers on the 18th at the Booyoung Taepyeong Building in Jung-gu, Seoul, regarding the customer information leak caused by a hacking incident. Photo by Moon Chaeseok

CEO Jo emphasized that the company has established a policy of full compensation for affected customers. He stated, "Lotte Card will take full responsibility and compensate for the entire amount of damages caused by the incident. If any secondary damages are found to be related, we will also provide full compensation for those."

Regarding what constitutes secondary damages, he said, "For example, if someone used a leaked phone number to open a mobile phone account and made micro-payments, that would be considered," and added, "If such incidents occur as a result of this leak, we believe those should also be compensated."

All customers whose information was leaked will be offered a 10-month interest-free installment service free of charge until the end of the year, regardless of the payment amount. For the 280,000 customers eligible for card reissuance, the annual fee for the following year will be fully waived upon reissuance.

As of 6 p.m. the previous day, card reissuance, use suspension, and membership withdrawal measures had been taken for 55,000 out of the 280,000 customers, thereby eliminating the risk of fraudulent use for those individuals.

Lotte Card reported the hacking incident to financial authorities on the 1st, initially estimating the scale of the data leak at 1.7GB. However, investigations later confirmed that the actual volume of leaked data was approximately 200GB. The hacking itself occurred on August 14, but the company only became aware and began investigating at the end of that month. This has led to criticism that the initial response was delayed and that the scale of the damage was not properly assessed.

CEO Jo explained, "On August 26, we detected signs of an external hacking attempt on the online payment server, and on the 31st, we discovered evidence of an attempt to extract 1.7GB of data." He continued, "From September 2, on-site inspections by the Financial Supervisory Service and the Financial Security Institute began, and we identified indications that an additional 200GB of data had been extracted." He added, "The previous day, we finally confirmed that some customer information for specific customers had been leaked."

Jo Jwa-jin, CEO of Lotte Card, is explaining the "Current Status of Information Security Operations and Investment Plans" on the 18th at Booyoung Taepyeong Building in Jung-gu, Seoul. Photo by Moon Chaeseok

CEO Jo announced that he would activate a company-wide emergency response system under his direct leadership and strengthen security measures. Over the next five years, the company plans to invest 110 billion won in information security to establish its own security monitoring system.

He also stated that personnel reform and organizational restructuring would be implemented. The company will transition from a function-based structure to one centered on customers, customer value, and customer protection.

He also hinted at the possibility of resigning by the end of the year. His term runs until March 29 of next year. CEO Jo said, "Including myself as CEO, we will complete a major personnel reform by the end of the year," and emphasized, "My final duty as CEO is to eliminate customer damage and minimize inconvenience."

Regarding the possibility of regulatory actions such as business suspension by financial authorities, the imposition of fines, or severe disciplinary action against the CEO, he said, "This is not the time to think about sanctions, nor have I ever considered them," adding, "Our priority is to address the damages first."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.