2900 Koreans Who Bought Luxury Watches Had Personal Info Leaked... Tag Heuer First in the World to Receive Fine in Korea

Including 2,900 Cases in Korea Among Global Leaks
Delayed Reporting Despite Being Hacked
Korea Personal Information Commission Imposes World's First Fine

French luxury conglomerate Louis Vuitton Mo?t Hennessy (LVMH)'s high-end watch brand TAG Heuer was hacked, resulting in the leak of customer information worldwide, which was revealed belatedly. Among the leaked data were information on approximately 2,900 Korean customers.

2900 Koreans Who Bought Luxury Watches Had Personal Info Leaked... Tag Heuer First in the World to Receive Fine in Korea

TAG Heuer's Smartwatch

According to the Personal Information Protection Commission and the luxury industry on the 16th, TAG Heuer was attacked by hackers during the process of rebuilding its website from late 2019 to 2020, leading to the theft of personal information such as names, genders, and countries of origin of global customers stored online.

The bigger issue is that TAG Heuer did not recognize this breach for several years. It only became aware of the incident after receiving threats from the hackers in May last year, at which point it reported the incident to the Personal Information Protection Commission and notified the affected individuals.

Under the old Personal Information Protection Act applied at the time, personal information processors must report to the Personal Information Protection Commission within 24 hours of becoming aware of a data breach and notify users as well. However, TAG Heuer was found to have made a 'delayed report' beyond this period, according to the commission's investigation.

At the plenary meeting held on February 14, the Personal Information Protection Commission decided to impose a fine of 126 million KRW for the data breach and a penalty of 7.8 million KRW for violations of safety measures and reporting and notification obligations on 'TAG Heuer Branch of LVMH Swiss Manufacturer,' the parent company of TAG Heuer. This is the first time such a penalty has been imposed in Korea.

TAG Heuer stated, "It appears that other countries considered this a minor incident or judged that the follow-up measures were appropriate," emphasizing, "There was no unauthorized access to customer financial information such as card payment numbers or account numbers."