Lotte Card Data Breach Sparks Debate Over Security Spending Cuts
SEOUL - A recent data breach at Lotte Card is fueling scrutiny of the company’s information security budget, which has decreased by 5.2 percentage points over the past five years. The incident, involving leaked card passwords and security codes, has raised questions about the adequacy of Lotte Card’s security measures, particularly its failure to apply recent security patches to its online payment server and a delayed response to detecting data theft.
The budget reductions at Lotte Card contrast with trends at some competitors. while Lotte Card’s security spending as a percentage of its overall IT budget declined, Kookmin Card, Hyundai Card, and Hana Card all increased their allocations for information security during the same period. Woori Card saw a 4.4 percentage point decrease (18.2% to 13.8%), Shinhan Card a 0.7 point drop (9.2% to 8.5%), and BC Card a 1.3 point reduction (11.7% to 10.4%), while Samsung Card’s security budget fell by 3.0 percentage points (11.4% to 8.4%). The controversy arrives as lotte Card’s parent company, MBK, faces criticism for prioritizing short-term profits since its 2019 acquisition of the card issuer.
The breach has prompted calls for stronger regulation of information security standards within the card industry. According to a statement, lawmaker Kang said, “It is necessary to substantially strengthen the information protection regulations on the card company to a realistic level and to stipulate it in the sub-regulations of the electronic Financial Transactions Act.”
MBK, however, disputes claims of budget cuts, characterizing them as a “misunderstanding” stemming from changes to the company’s IT infrastructure. In a press release, MBK stated that the reported reduction is “an interpretation based on the IT infrastructure.” The company has not provided further details regarding the nature of these infrastructure changes or their impact on overall security spending.
