[fn Editorial] Lotte Card Hacked, Comprehensive Security System Check Needed Instead of Patchwork

It has been revealed that the scale of the hacking incident at Lotte Card, which has 9.6 million members, is much larger than expected, causing a stir.

Data leakage reported to be at the level of 1.7GB could result in millions of victims, according to observations. The CEO of Lotte Card intends to clearly disclose the company's security system management issues and announce compensation for users, issuing a public apology.

However, this issue is not merely a matter of Lotte Card's lax security. It is a serious incident that reveals the structural limitations of the entire information security system in our country, beyond the hacking incident of a single company.

Following the large-scale USIM information leakage incident at SK Telecom in April this year, recent security incidents at KT and LG Uplus have occurred in succession. Major companies in Korea have exposed how inadequate their information security systems are by repeatedly causing such absurd security incidents. Without clear countermeasures, only the public remains exposed to the damage.

A series of incidents have clearly shown that there is a fundamental flaw in the overall security system management. A major overhaul of the security system is inevitable. First, it is necessary to identify whether companies have neglected investment in security to save costs, and then propose countermeasures. If actual damage occurs, punishment must follow.

President Lee Jae-myung also pointed out that "there is a misconception that security investment is considered an unnecessary cost." If long-term security investment was ignored for short-term company performance, appropriate responsibility must be taken.

The government also plans to introduce punitive fines and take strong action against companies that repeatedly cause incidents. However, punishment is not the only solution. There are limits to post-incident punishment. Prevention is more effective in any case, and it can minimize social costs. Policies that incentivize strengthening security, such as expanding tax benefits for security investments, should also be actively introduced.

Above all, this opportunity should be used to conduct a reassessment of the domestic security system. If there are problems with the system, fundamental improvements are necessary. Hacking technology is evolving day by day. It is necessary to determine whether the successive hacking incidents are due to companies' lax security measures or if they breached the defense due to technological advancement.

If the former is the cause, companies should be held accountable and punitive measures should be prepared, but if it is due to structural issues in security technology, the security paradigm itself may need to be changed.

Once leaked, personal information of the public is an irretrievable asset. In particular, financial information is sensitive as it is directly related to the public's life and assets. Companies should recognize security as a survival condition, not a choice, and raise awareness. The government should also prepare strong sanctions, but it should focus its capabilities on building a security system that can fundamentally prevent hacking.