Lotte Card data breach puts spotlight on low cybersecurity investment

Concerns over cybersecurity have spread across the credit card industry following a recent data breach incident at Lotte Card, which exposed the personal information of 2.97 million customers, industry officials and politicians said Thursday. Consumer anxiety has intensified as major card issuers, despite highlighting increases in information technology (IT) staffing and budgets, allocated only around 10 percent of those resources to information security. Citing data from the Financial Supervisory Service (FSS), Rep. Kang Min-kuk of the main opposition People Power Party (PPP) said that the combined IT budgets of eight major domestic card companies totaled 5.56 trillion won ($3.97 billion) between 2020 and 2025. Of this, only 556.2 billion won, or about 10 percent, was spent on cybersecurity. Rep. Kim Sang-hoon of the PPP, also citing FSS data, noted that Lotte Card recorded the lowest ratio of information security spending to total annual budget this year at 0.3 percent. Other issuers, including Shinhan, Samsung, BC and Hyundai, allocated about 1 percent of their budgets to cybersecurit