Major South Korean credit card provider Lotte Card has been subjected to an investigation by the country's Personal Information Protection Commission examining potential data protection law violations following a data breach last month that compromised nearly 3 million users, according to The Record, a news site by cybersecurity firm Recorded Future.The data included sensitive financial data, such as verification codes, card numbers, and expiration dates, internal IDs, contact information, and identification numbers. The card issuer confirmed the attack, which was discovered during a routine server check nearly two weeks after the hacker gained access, but noted that there have been no unauthorized transactions detected.Reports indicate that the threat actors exploited an unpatched payment server vulnerability that had remained unfixed since 2017, with one server linked to an overseas payment service that was not updated despite an available fix released within the same year. Approximately 56% of the 2,700 leaked files were encrypted."We will use this as an opportunity to fundamentally reform not just security but the companys entire management framework," said Lotte Card Chief Executive Cho Jwa-jin. During a press conference, Cho also apologized and pledged compensation.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
Related Terms
Attack VectorYou can skip this ad in 5 seconds