SOUTH KOREA. Lotte Duty Free has conducted black-box penetration testing with cyber-security firm Stealien to reinforce its information security capabilities.
Simulating a real hacking attack, the month-long test was carried out without any prior information from the client, including system architecture or vulnerabilities, and without a predefined scenario.
Unlike usual penetration tests that target predefined scenarios, this approach uses all available methods to assess the overall security system from a real-world hacker’s perspective.
The assessment with Stealien’s white-hat hacker team began on 29 December 2025, covering all the retailer’s services externally accessible via the internet.
Designed to identify potential security gaps, the test allowed the company and Stealien to jointly review and remediate any vulnerabilities detected.
The company’s proactive approach to security threats strengthens customer trust, Lotte Duty Free noted.
Lotte Duty Free Head of Information Security Division Lim Jeong-woo said, “This black-box penetration test is a valuable opportunity to proactively identify and address company-wide security vulnerabilities.
“We will continue to enhance our security capabilities and provide customers with safer and more reliable services.”
In addition to this initiative, the retailer emphasised its ongoing security measures, such as forming an information security task force and conducting quarterly committee meetings.
These efforts include regular security assessments of its Amazon Web Services environment and providing vulnerability remediation training for developers and operators.
Reflecting its commitment to information security, Hotel Lotte – including Lotte Duty Free, Lotte Hotel & Resorts and Lotte World Adventure – was awarded a Minister’s Commendation by the Ministry of Science and ICT for its contributions to the information security industry at Security Festa 2025 in December. ✈
