Major data breach prompts about $6.5M penalty for Lotte Card

Major South Korean credit card provider Lotte Card has been ordered by the country's Personal Information Protection Commission to pay a nearly $6.5 million fine following an August data breach that exposed the personal and credit information of 2.97 million customers, reports Cybernews.

According to PIPC, the credit card provider breached South Korea's Personal Information Protection Act after determining it had not adequately secured sensitive personal data. Sensitive information, including roughly 450,000 resident registration numbers, was found to be insufficiently protected in system logs. These numbers are crucial identifiers in South Korea's national identity system, and if compromised, could be used for financial fraud and identity theft. Regulators ordered the company to update its overall data protection procedures and enhance control of how personal information is handled within its payment systems.

In order to inform impacted clients, the company must also post information about the occurrence on its website. Regulators described the sanction as one of the more significant penalties issued in the country for privacy and data protection violations.