Jo Jwajin, CEO of Lotte Card, attends Science, Technology, Information and Broadcasting Committee hearing on the 24th
Jo: "No issues with security certification... Company bears responsibility"
Jo Jwajin, CEO of Lotte Card, announced on the 24th that there is a backlog of up to 1 million card reissuance requests related to the customer information hacking incident, and stated that the issue would be resolved over the weekend.
At the hearing on "Hacking Incidents in Telecommunications and Finance" held by the Science, Technology, Information and Broadcasting Committee that day, CEO Jo said, "The maximum number of cards we can reissue in a full day of operations is 60,000." Regarding concerns about point expiration when canceling a card, he explained, "L.Points can continue to be used as long as you enter your phone number, regardless of card cancellation."
Last month, Lotte Card suffered a hacking incident that resulted in the leakage of information from 2.97 million members, totaling approximately 200GB of data. Among these, 280,000 people had not only their connected information (CI) and resident registration numbers leaked, but also their card numbers, expiration dates, and CVC numbers.
Jo Jwa-jin, CEO of Lotte Card (center), attended the hearing on the large-scale hacking incident in telecommunications and finance held on the 24th at the National Assembly's Science, Technology, Information and Broadcasting Committee. Photo by Kim Hyunmin
According to Lotte Card, from the 1st of this month until 6 p.m. the previous day, among the total 2.97 million customers whose information was leaked, 650,000 requested card reissuance, 820,000 changed their passwords, 110,000 had their cards suspended, and 40,000 canceled their cards. Excluding duplicates, Lotte Card stated that customer protection measures were implemented for 1.28 million people, about 43% of all affected customers. For the 280,000 customers at risk of fraudulent use through key-in transactions, the company explained that protection measures such as card reissuance requests, password changes, card suspensions, and cancellations have been completed for about 190,000 people, or 68% of the group.
On this day, Lee Junghyun, a member of the Democratic Party of Korea, questioned CEO Jo about suspicions of delayed reporting. In response, CEO Jo explained, "We differentiate between a security breach and a security incident," indicating that there is no obligation to report based solely on a breach. Lotte Card first detected malware infection on the 26th of last month. This was indirectly confirmed during a server synchronization process, two weeks after the initial hacking attempt. However, Lotte Card reported the security incident to the financial authorities on the 1st of this month, six days after first detecting the infection.
CEO Jo argued that there were no issues with the Personal Information Management System (ISMS-P), a security certification system operated by the Personal Information Protection Commission. This was in response to Democratic Party lawmaker Jo Incheol, who pointed out that the data leak occurred not long after the company received a passing grade in the ISMS-P certification, questioning the effectiveness of the system. CEO Jo replied, "ISMS-P does not inspect every item," and added, "In this case, the company bears greater responsibility."
When Lee Haemin, a member of the Rebuilding Korea Party, asked whether he was considering personnel changes, including resignation, CEO Jo replied, "Yes." At a press conference held on the 18th, CEO Jo also stated, "We will carry out a personnel overhaul, including my possible resignation, to a degree that is convincing to the market."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
