What: Lotte Card detected and removed multiple types of malware from its servers after a cyberattack, with authorities investigating and no evidence of customer data compromise so far.

Why it is important: Regulatory scrutiny and transparent crisis response are now essential for maintaining customer trust and operational continuity in the face of rising cyber threats.

Lotte Card has reported a significant cyberattack after discovering malware on its internal servers during a routine inspection in late August. The company promptly filed a report with the Financial Supervisory Service and initiated a comprehensive review of its systems, uncovering two types of malware and five web shells across three servers. These malicious codes, which enable remote control and data exfiltration, were swiftly removed, and no evidence of customer data leakage or ransomware was found. The incident triggered an immediate regulatory response, with authorities launching an on-site investigation to ensure no personal information was compromised. Lotte Card, which serves nearly 9.6 million customers and holds a 10.1% market share in Korea’s credit sales, emphasised that all key customer data remains secure. This event follows a series of high-profile cyber incidents in Korea’s retail and payments sector, highlighting the urgent need for robust crisis management, regulatory compliance, and transparent communication to safeguard brand reputation and customer trust.

IADS Notes:

Lotte Card’s cyberattack reflects a broader surge in sophisticated threats targeting retail-affiliated financial services, as seen in recent breaches at Louis Vuitton Korea and regulatory actions against Apple Pay and KakaoPay. The operational and reputational risks are significant, with incidents like the Co-op breach in May 2025 affecting up to 20 million individuals and prompting industry-wide shifts toward enhanced cybersecurity partnerships and crisis protocols. The sector’s vulnerability is further underscored by the fact that ransomware and third-party breaches now account for the majority of retail security incidents, often resulting in substantial financial losses and increased regulatory scrutiny, as demonstrated by the coordinated attacks on M&S and Harrods in spring 2025.

Lotte Card reports cyberattack after malware found on internal servers