South Korea’s financial watchdog on Thursday said it would impose the toughest possible sanctions on Lotte Card after a hack exposed the personal data of nearly three million customers.

The Financial Services Commission said it would conduct a sweeping inspection of the sector and impose punitive fines, extending beyond the current standard penalties, in response to serious security failures.

The regulator added that firms ignoring governmental orders to improve security will be subject to recurring enforcement charges until they comply.

Vice Chairman Kwon Dae-young warned executives that viewing cybersecurity spending as an unnecessary cost can lead to serious consequences and asked that CEOs directly supervise a full review of IT and data protection systems at their respective firms.

Lotte Card earlier confirmed that two-point-97 million customers had been impacted by a breach of its servers earlier this summer, with information including resident numbers, virtual payment codes and simplified payment service details stolen.

The commission said the incident had also exposed card numbers, expiration dates and CVC codes belonging to 280-thousand Lotte Card members.