Samsung Securities, iMarket Korea, Kara Solution
British American Tobacco Korea, JK Club
6 Businesses Fined 860 Million KRW for Violations of the Personal Information Protection Act
On the 22nd, the Personal Information Protection Commission decided to impose fines totaling 862.76 million KRW and penalties of 36 million KRW on six businesses for violating personal information protection regulations.
The Commission launched investigations into Korea McDonald's, Samsung Securities, iMarket Korea, British American Tobacco Korea, JK Club, and Kara Solution following reports of personal information leaks and breaches.
The investigation found that five businesses had violated their obligation to take safety measures. One business was found to have violated exceptions related to consent for the collection and use of personal information.
Korea McDonald's, operating restaurants and McDelivery services, neglected access control over backup files containing users' personal information, resulting in the leakage of personal information of 4,876,106 users through hacking and other means.
Additionally, it failed to destroy the personal information of 766,846 users past the retention period and delayed reporting and notifying the personal information leak, resulting in fines of 696.46 million KRW and penalties of 10.2 million KRW.
Samsung Securities, while operating an investment education website, failed to address web server vulnerabilities and omitted authentication procedures when accessing the administrator page, neglecting access control and causing the leakage of personal information of 48,122 users.
It was also confirmed that access logs of the personal information processing system, which must be preserved and managed for at least one year, were kept for only about a month, resulting in fines of 98 million KRW and penalties of 3.6 million KRW.
iMarket Korea and British American Tobacco Korea leaked the personal information of 4,894 and 1,540 individuals, respectively, due to negligence in access control over their personal information processing systems. iMarket Korea was fined 18.95 million KRW and penalized 3 million KRW, while British American Tobacco Korea was fined 33.78 million KRW and penalized 7.2 million KRW.
JK Club, operating a clothing shopping mall, obtained consent for the collection and use of personal information through a checkbox function during membership registration but operated with the checkbox left unchecked. It was fined 11.79 million KRW for unlawfully collecting and using personal information.
Kara Solution, operating a childcare job matching platform, leaked personal information of 1,664 users due to reasons including not applying secure authentication methods when accessing the personal information processing system externally. It was also confirmed that reporting and notifying the personal information leak were delayed, resulting in fines of 3.78 million KRW and penalties of 12 million KRW.
Jinseong Cheol, head of Investigation Division 2 at the Personal Information Protection Commission, stated, “Businesses handling users' personal information must always recognize that personal information leakage can occur at any time due to hacking attacks or system errors, regularly check compliance with safety obligations such as access control, and promptly and lawfully carry out reporting and notification when a leakage incident occurs.”
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.


