On the 12th, the Personal Information Protection Commission deliberated and resolved administrative measures including imposing a total fine of 802.09 million KRW and a penalty of 50.4 million KRW on businesses that violated personal information protection regulations.
First, Millie's Library, investigated following reports of personal information leaks and breaches, suffered a hacking attack due to failure to implement measures such as web firewall settings and IP restrictions on access to the personal information processing system. It was confirmed that personal information of a total of 13,393 users was leaked in two instances, including exposure of users' personal information searchable at a specific address (URL) caused by lack of access control on the website's 1:1 inquiry board, which led to a system error.
Additionally, it was found that unique identification information such as resident registration numbers on ID cards collected for user identity verification was stored without encryption measures, resulting in a total fine of 684.96 million KRW and a penalty of 20.4 million KRW.
The Personal Information Protection Commission also resolved fines and penalties for services that collected personal information of children under the age of 14 without obtaining consent from their legal guardians.
Previously, the Commission conducted an inspection on the obligation to verify legal guardian consent among major app service providers in gaming, broadcasting/video, books/comics, and messenger sectors. The investigation confirmed that five businesses operating mobile app services?Podbbang, Yeoboya, Zetamedia, Cinefox, and RyanCatchers?collected personal information of children under 14 without obtaining legal guardian consent, resulting in fines and penalties.
Millie's Library and Media Changbi, which stated through their terms of service that they do not provide services to children under 14 but operated mandatory consent items for "14 years or older" and birthdate input procedures during membership registration, were advised to establish procedures to verify whether registrants are actually 14 years or older.
Jin Seong-cheol, Head of Investigation Division 2 at the Personal Information Protection Commission, said, "Businesses handling users' personal information must always remain vigilant and conduct regular inspections to fulfill their safety obligations. In the case of children's personal information, it should be recognized as requiring special protection, and legal guardian consent must be obtained when collecting such information."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
![Clutching a Stolen Dior Bag, Saying "I Hate Being Poor but Real"... The Grotesque Con of a "Human Knockoff" [Slate]](https://cwcontent.asiae.co.kr/asiaresize/183/2026021902243444107_1771435474.jpg)
