[Asia Economy Reporter Seulgina Jo] Four businesses using Amazon Web Services (AWS)?Yanolja, StyleShare, Jipggumigi, and SquareLab?have been sanctioned with a total fine of 185.3 million KRW, including penalties for violations of personal information protection laws.
On the 29th, the Personal Information Protection Commission held its 16th plenary meeting at the Government Seoul Office and made this decision. The commission imposed a total fine of 185.3 million KRW, a penalty of 83 million KRW, corrective orders, and public announcements on the four companies?Yanolja Co., StyleShare Co., Jipggumigi Co., and SquareLab Co.?for violations of the former Information and Communications Network Act due to inadequate personal information protection measures that led to data leaks.
These four companies operated without restricting AWS administrator access keys by IP address, allowing anyone who obtained access rights to connect from anywhere on the external internet. During this process, it was confirmed that more than 9.38 million pieces of personal information were leaked or viewed by third parties, violating personal information protection regulations. Additionally, these companies failed to destroy personal information of long-term inactive users for over a year and did not separately store and manage such information apart from other users' data.
Looking at the scale of personal information leaks and views by each business, Yanolja had 52,132 pieces of personal information leaked. StyleShare recorded 6,400,100 views. Jipggumigi had 183,323 pieces leaked and 2,325,540 views. SquareLab experienced 419,028 pieces of personal information leaked.
This is understood to be the result of service providers failing to implement basic settings while configuring and operating personal information processing systems amid the widespread use of cloud services. This sanction is evaluated as meaningful in that it encourages cloud service users to strictly restrict administrator access rights and implement personal information protection measures to prevent abnormal external access and attacks, thereby preventing personal information leaks.
Song Sang-hoon, Director of Investigation and Coordination at the Personal Information Protection Commission, stated, "To prevent personal information leaks through the cloud, we will establish and actively promote guidelines that service providers and users must follow."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
