S. Korea's FSC to Finalize Lotte Card Sanctions Over Data Breach Next Month

South Korea's Financial Services Commission (FSC) is preparing to conclude its sanctions against Lotte Card, following a major data breach last year that exposed the personal information of approximately 2.97 million customers, nearly a third of its total customer base. The FSC plans to hold its first subcommittee meeting on the matter on June 25, involving officials from the Financial Supervisory Service (FSS) and Lotte Card representatives.

The FSS, which investigated the incident, will present the grounds for its proposed sanctions. In April, the FSS's disciplinary committee recommended a severe penalty for Lotte Card: a 4.5-month business suspension, a fine of 5 billion won (approximately $3.6 million), and a warning for former CEO Cho Ja-jin. Lotte Card is expected to argue for leniency, citing the exceptional nature of the hacking incident, its subsequent efforts to mitigate damage, and the absence of secondary harm to customers.

This case is drawing significant attention because imposing a business suspension on a financial firm due to a hacking incident would set a new precedent in South Korea. The FSC anticipates multiple subcommittee meetings to thoroughly discuss the case before a final decision is made at its regular meeting next month. While the FSS's strong sanctions are on the table, there is a possibility that the penalties could be reduced, taking into account Lotte Card's response and recovery efforts.

Meanwhile, other credit card companies are also facing scrutiny. Woori Card and Shinhan Card are expected to undergo FSS disciplinary reviews as early as next month. Woori Card is under investigation for personal data leaks of approximately 75,000 merchants' representatives to card solicitors in 2024. Shinhan Card had 192,000 cases of customer information, including merchant phone numbers and business registration numbers, leaked between March 2022 and May 2023.