[Asia Economy Reporter Kang Nahum] LG Uplus, Com2uS, and Logen have been fined for violating the Personal Information Protection Act.
The Personal Information Protection Commission announced on the 28th that it held a plenary meeting at the Government Seoul Office and decided to impose a total fine of 31.2 million KRW on eight businesses that violated personal information protection regulations.
This investigation was conducted after the businesses reported personal information leaks to KISA (Korea Internet & Security Agency). At LG Uplus, it was confirmed that some pages within the employee education system were accessible without login, and special character blocking functions were not applied.
As a result, hackers attacked LG Uplus using SQL Injection (Structured Query Language Injection), a technique that manipulates database queries to extract desired data. Consequently, email information of LG Uplus employees was posted on the dark web.
Daedong Hospital had a vulnerability in the file upload function of its homepage bulletin board. It suffered a web shell attack, resulting in the leakage of member email information. A web shell is code that can issue commands to a system, allowing remote control of the web server through its vulnerabilities.
In the case of Logen, it was revealed that a courier branch manager illegally provided an account that could access personal information to a third party.
Five businesses including Com2uS experienced personal information leaks due to mistakes by staff, such as mistakenly posting personal information on their homepage, leaving personal information documents unattended, and lax access control of personal information processing systems.
Yang Cheongsam, Director of the Investigation and Coordination Bureau at the Personal Information Protection Commission, stated, "Personal information leaks occur not only due to external hacking but also internal factors such as staff mistakes. To prevent personal information leaks, it is necessary to continuously inspect the mandatory safety measures of personal information processing systems and to enhance awareness through personal information protection education for those responsible."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
![Clutching a Stolen Dior Bag, Saying "I Hate Being Poor but Real"... The Grotesque Con of a "Human Knockoff" [Slate]](https://cwcontent.asiae.co.kr/asiaresize/183/2026021902243444107_1771435474.jpg)
