Hacked Lotte Card loses 26,000 members in just 4 days

(Lotte Card)

South Korea’s Lotte Card Co., where a hacking incident exposed the personal information of 2.97 million customers, saw 26,000 members cancel their memberships within four days of its press briefing on the data breach last week.

The office of Representative Lee Jung-mun of the ruling Democratic Party said on Tuesday that a total of 26,122 Lotte Card members canceled their memberships between Thursday and Sunday. This represents around 10 percent of the 280,000 customers whose information was leaked most severely.

Following the hacking incident, customers opted to terminate their membership altogether rather than simply cancel their card as the termination ensures complete deletion of personal data held by the card company.

A total of 11,594 customers left Lotte Card on Thursday, the day of the press briefing, alone. Since then, 10,759 members canceled on Friday, 2,745 on Saturday, and 1,024 on Sunday, continuing the trend of customer departures.

The number of card reissuance requests followed a similar pattern. A total of 642,007 reissuance requests were filed during the same period, with 248,946 applications made on Thursday alone. The figure surged to 265,085, the highest daily total, on Friday when more customers confirmed their information had been compromised before dropping to 73,912 on Saturday and 54,064 on Sunday.

Before the incident, the average number of reissuance applications was around 2,000 per day. The number jumped to 15,000 immediately after news of the hack broke on September 1st, 2025, and then soared further once the data breach was confirmed.

Meanwhile, some affected customers are preparing a class-action lawsuit, and an online community of data breach victims grew rapidly from about 400 members in early September to 8,107 as of Tuesday.

Although legal proceedings have not begun yet, victims are expected to coordinate future lawsuits through the community.

“Public anxiety is growing with recent hacking and personal data leaks in the financial sector,” Lee noted. “Financial institutions must prioritize information security as their most important task, and supervisory authorities must carry out strict inspections and impose strong sanctions.”