FSC Delays Lotte Card Sanctions Decision Over 2.97M Customer Data Breach

South Korea's Financial Services Commission (FSC) has delayed finalizing sanctions against Lotte Card following a data breach affecting 2.97 million customers, with decisions now scheduled for committee meetings on the 23rd and 29th. The delay stems from the unprecedented nature of considering business suspension penalties for an external hacking incident, marking the first such case in the financial sector. Financial authorities are conducting detailed reviews of the penalty's appropriateness, as the Financial Supervisory Service (FSS) recommended a 4.5-month business suspension in April — which would represent the highest penalty imposed on a card company since the 2014 multi-company data breach.

FSC Schedules Final Review for Late-Month Meetings

According to financial industry sources on the 13th, the FSC will re-examine Lotte Card's sanctions proposal at an agenda review subcommittee meeting on the 23rd, followed by a final decision at a regular meeting on the 29th. The sanctions proposal was originally scheduled for subcommittee review on the 9th but was postponed the day before the meeting. Lotte Card CEO Jung Sang-ho and information security executives plan to attend the second subcommittee meeting to present their case, following their appearance at the previous session.

Lotte Card Lotte Card headquarters

Financial authorities initially planned to complete Lotte Card's sanctions process within the first half of the year, but the repeated delays reflect concerns over imposing record-level penalties. This marks the first time authorities have considered business suspension sanctions for a data breach caused by external hacking.

4.5-Month Suspension Would Mark Highest Card Industry Penalty Since 2014

Lotte Card underwent two sanctions deliberation committee meetings at the FSS in April, resulting in a 4.5-month business suspension proposal. If confirmed, this would constitute the highest penalty imposed on the card industry since the 2014 three-card-company data breach incident. Senior financial officials including FSS Governor Lee Chan-jin and FSC Vice Chairman Kwon Dae-young have emphasized strict enforcement for data breach incidents, but authorities are exercising caution as this case will establish precedent for future sanctions related to financial company hacking incidents.

Subcommittee members are reportedly conducting detailed fact-checking on multiple issues while continuously reviewing the appropriateness of the 4.5-month business suspension penalty. Industry observers speculate the continued delays may indicate preliminary work to reduce the suspension period, though authorities have not confirmed such intentions.

Lotte Card Reports No Secondary Damage Among 2.97 Million Affected Customers

Among the 2.97 million customers whose information was breached, Lotte Card has confirmed no secondary damage cases to date. Among 280,000 customers identified as facing potential fraudulent use risk, no actual fraudulent use cases have been detected. The company reported the breach to financial authorities immediately after discovery, initiated customer notification and compensation procedures, strengthened its information security organization through restructuring, and implemented personnel changes as part of incident response measures.

A financial authority official stated, "There are many issues at stake, and as committee members verify each question one by one, deliberations are taking longer. We are reviewing based on factual circumstances and have not yet reached a final decision."

FAQ

What penalty did the FSS recommend for Lotte Card's data breach?
The Financial Supervisory Service recommended a 4.5-month business suspension for Lotte Card in April following two sanctions deliberation committee meetings. This would represent the highest penalty imposed on a card company since the 2014 data breach incident.

When will the FSC finalize sanctions against Lotte Card?
The FSC will review the sanctions proposal at an agenda review subcommittee meeting on the 23rd and make a final decision at a regular meeting on the 29th, according to financial industry sources on the 13th.

Disclaimer: The information on this page may come from third-party sources and is for reference only. It does not represent the views or opinions of Gate and does not constitute any financial, investment, or legal advice. Virtual asset trading involves high risk. Please do not rely solely on the information on this page when making decisions. For details, see the Disclaimer.
Comment
0/400
No comments