[Alpha Biz= Reporter Kim Sangjin] Lotte Card has been fined 36 million won by financial authorities for exposing the personal credit information of dozens of customers, violating the "Credit Information Use and Protection Act" and the "Electronic Financial Transactions Act."

According to the Financial Supervisory Service (FSS) on August 4, Lotte Card received the fine along with an institutional warning. Additionally, one executive received a warning for significant violations, and two actions were mandated for employees to address the issues.

The FSS reported that Lotte Card, in June 2022, inadvertently exposed the credit card transaction details and other personal information of several customers while updating its mobile app with a new development program. The incident occurred during a 27-minute temporary operation of the new phone authentication service, which lacked the essential institution-specific management number required for authentication. The app's new program failed to properly match user authentication information, leading to the disclosure of sensitive credit information to other users.

Further issues included inadequate data management practices. Important data such as transaction amounts, dates, and membership details were not preserved when electronic records were altered due to system errors or malfunctions. External company staff also directly modified this critical data, which is prohibited by current regulations for electronic financial transactions.

The FSS has instructed Lotte Card to address two management issues and implement 11 improvements.

This is not the first time Lotte Card has faced penalties. In 2020, the company was fined 10 million won for violating personal data protection laws, following a data breach that exposed 17.59 million personal records in 2013.

 

 

[ⓒ AlphaBIZ. 무단전재-재배포 금지]