[Asia Economy Reporter Lee Seung-jin] The online luxury platform "Balan," which experienced a customer personal information leak due to hacking, has been fined and penalized.
The Personal Information Protection Commission announced on the 11th that at its 13th plenary meeting, it decided to impose a total fine of 512.59 million KRW and a penalty of 14.4 million KRW on Balan for violating the Personal Information Protection Act.
Balan suffered a leak of approximately 1.62 million pieces of customer personal information, including names, addresses, and mobile phone numbers, in two incidents in March and April. Additionally, due to a social login function error causing duplicate user identification information, personal information was exposed to other users.
According to the investigation by the Personal Information Protection Commission, Balan neglected to delete unused administrator accounts and did not restrict internet protocol (IP) addresses accessing the personal information processing system, failing to implement proper protection measures. As a result, hackers exploited unused administrator accounts to attempt hacking and leaked customer personal information.
It was also confirmed that Balan violated the Personal Information Protection Act by omitting the leaked personal information items and the timing of the leak when notifying users of the breach.
The current Personal Information Protection Act stipulates that personal information handlers must take protective measures to prevent personal information infringement damage and must notify victims within 24 hours, including information such as the leaked personal information items and the timing of the breach.
Yang Cheong-sam, Director of the Investigation and Coordination Bureau at the Personal Information Protection Commission, emphasized, "Hacking attacks targeting online shopping malls, especially those using web hosting services, are continuously occurring. While it is easy to focus on expanding scale through securing users and attracting investment in the early stages of shopping mall startups, it is also important to pay attention to protecting users' personal information and to strengthen protective measures by regularly checking security vulnerabilities."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
