Security Investments Doubled from 7.14 Billion to 12.8 Billion Won Over Six Years
Dividend Payout Ratio at 28%
"Comparable to Average for Korean Listed Companies"
Private equity fund manager MBK Partners has refuted public criticism, stating that since acquiring Lotte Card, it has nearly doubled its security investments and has not taken excessive dividends.
On the 21st, MBK stated, "As a major shareholder of Lotte Card, we take the recent cyber breach incident very seriously," adding, "Lotte Card is currently prioritizing the prevention of customer damage, and has activated a company-wide emergency response system to swiftly block further damage and minimize inconvenience."
First, MBK emphasized that Lotte Card has steadily increased its annual investments in information security and IT. Security investment costs nearly doubled from 7.14 billion won in 2019 to 12.8 billion won in 2025. During the same period, the number of internal personnel dedicated to information security increased from 19 to 30 (excluding personnel from external security partners). In 2021, under the 'Digiroka' strategy, the company pursued disaster recovery (DR) system implementation and backup system upgrades. The proportion of security investment relative to total IT costs has also remained at the 10-12% level.
Lotte Card’s dividend payout ratio was also similar to the average for domestic listed companies. After the change in shareholders to MBK, Woori Bank, and Lotte Shopping, the dividend payout ratio over the past four years has been in the 20-28% range, which is lower than the average of over 30% for major financial holding companies.
MBK stated, "Claims that shareholders have neglected management for short-term profit are not true," and added, "As shareholders, we will actively support Lotte Card so that it can become a more trusted financial company for its customers."
Meanwhile, Lotte Card previously suffered a hacking incident that resulted in the leakage of information belonging to 2.97 million customers. When the breach was first reported on the 5th, there were only about 100 victims and the volume of leaked data was estimated at 1.8GB. However, according to the official inspection by financial authorities on the 18th, over 200GB of information-more than 100 times the initial report-was leaked, and the number of victims was tallied at 2,969,000. Among them, 280,000 individuals had highly sensitive information compromised, including credit card numbers, CVC numbers (the three digits on the back of the card), the first two digits of their passwords, and resident registration numbers.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
