When did the Lotte Card cyberattack occur?

The cyberattack occurred in October 2024. Lotte Card detected malicious code on one of its servers during a system inspection on October 26, 2024. On October 31, 2024, traces of an external attempt to extract data from the online payment server were discovered, and the incident was reported to authorities the same day.

How many servers were affected in the Lotte Card attack?

The investigation identified and removed malware on three servers within Lotte Card's systems. The initial detection occurred on one server, but the subsequent investigation revealed the malware had spread to a total of three servers.

What is Lotte Card and how large is the company?

Lotte Card is South Korea's fifth-largest credit card company with over 9.6 million members. As a major financial services provider in South Korea, the company operates significant payment processing and online payment server infrastructure.

Has Lotte Card disclosed how the cyberattack occurred?

No, the nature of the attack has not been disclosed by Lotte Card. The company has only confirmed the discovery of malicious code on its servers and traces of external attempts to extract data from its online payment server.

What steps is Lotte Card taking to investigate the cyberattack?

Lotte Card has engaged external investigation companies to conduct a forensic analysis of the incident and is working closely with authorities. The company reported the incident to regulators on October 31, 2024, and is conducting a comprehensive investigation to determine the full scope of the attack.

When did Lotte Card report the cyberattack to authorities?

Lotte Card reported the cyberattack to authorities on October 31, 2024, the same day they discovered traces of an external attempt to extract data from their online payment server. This was five days after the initial detection of malicious code on October 26, 2024.

What should Lotte Card customers do about this cyberattack?

While Lotte Card claims no customer information has been confirmed as compromised, customers should monitor their card statements for any unauthorized transactions, be cautious of phishing attempts, and follow any official guidance provided by Lotte Card. Customers should also watch for official communications from the company regarding any additional protective measures or services they may offer.

Incident

South Korean credit card company Lotte Card reports cyberattack

Q: Has Lotte Card confirmed any customer data was compromised?

No, Lotte Card claims that based on its internal investigation to date, there is no confirmation that customer information or other personal data has been compromised. The company maintains that despite the cyberattack, customer data appears to remain secure.

published: Sept. 1, 2025

Learn More

Lotte Card, South Korea's fifth-largest credit card company with over 9.6 million members, reports a cyberattack that occurred in October 2024.

The company detected malicious code on one of its servers during a system inspection on October 26, 2024. The investigation identified and removed malware on three servers. On October 31, traces of an external attempt to extract data from its online payment server were also discovered, and the incident was reported the same day to the authorities.

Regulators estimate that approximately 1–2GB of data may have been affected. The company claims that based on its internal investigation to date, there is no confirmation that customer information or other personal data has been compromised.

The nature of the attack is not disclosed.

Lotte Card has engaged external investigation companies to conduct a forensic analysis and is working closely with authorities.

Update - as of 17th of September 2025, Lotte Card reports that the data breach is affecting 2.97 million. Over 280,000 customers have theor complete payment information including card numbers, CVCs, and passwords compromised.

South Korean credit card company Lotte Card reports cyberattack

Read More
Texas Dow Employees Credit Union reports MOVEit related …
ALEX Protocol reports major breach, $8.37 Million Loss
Banco Santander reports of data breach impacting customers …
CoinsPaid hacked, over $7m stolen
Georgia Heritage Federal Credit Union Reports Ransomware Attack …