[Asia Economy Reporter Lim Hye-seon] The Personal Information Protection Commission conducted an on-site investigation on the 11th regarding the leakage of personal information of over 180,000 LG Uplus customers.
On that day, the Personal Information Protection Commission carried out an on-site investigation at the LG Uplus data center located in Sangam-dong, Mapo-gu, Seoul. Earlier, a fact-finding investigation began on the 9th. Yang Cheong-sam, Director of the Investigation and Coordination Bureau at the Personal Information Protection Commission, stated, "We will thoroughly investigate whether there was any violation of the Personal Information Protection Act, including the cause of the personal information leakage, the scale of the leakage, and compliance with safety measures." He added, "If violations are confirmed, strict measures will be taken, and we also plan to review LG Uplus's measures to prevent recurrence."
Previously, LG Uplus announced on its website on the 10th that "the total number of customers whose personal information was leaked is 180,000," and clarified, "The information varies by individual, but does not include names, dates of birth, phone numbers, or payment-related financial information." LG Uplus became aware of the information leakage on the 2nd. The company requested an investigation from the police cyber investigation unit and the Korea Internet & Security Agency (KISA) the following day.
Director Yang said, "It is currently known that 180,000 pieces of personal information were leaked, but there may be more, so confirming the scale of the leakage is fundamental." Regarding the criticism that LG Uplus violated the Personal Information Protection Act by not immediately notifying after the leakage, he said, "We need to check when they became aware of the incident and whether the leakage was reported and notified within 24 hours after recognizing the leakage incident."
The current Personal Information Protection Act imposes sanctions not only on acts of personal information leakage but also on failing to notify or report the leakage to users, the Personal Information Protection Commission, or specialized agencies such as KISA within 24 hours without justifiable reasons.
Meanwhile, on the same day, the Ministry of Science and ICT and KISA also conducted an on-site investigation at the LG Uplus data center.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
