"Investment in Personal Information Protection Should Be Seen as a Core Investment"
Task Force Launched for Investigation, Separate from Public-Private Team
"Leaked Data Transferred via Singapore"
Goh Haksoo, Chairperson of the Personal Information Protection Commission. 2025.5.20 Photo by Jo Yongjun
On May 21, Goh Haksoo, Chairperson of the Personal Information Protection Commission, stated regarding the SK Telecom personal information leak incident, "We will impose strong sanctions for any violations of the law." In his opening remarks at the "Personal Information Policy Forum," co-hosted by the Personal Information Protection Commission and the Korea CPO (Chief Privacy Officer) Association at the Bankers Club International Conference Hall in Jung-gu, Seoul, Goh emphasized, "The SKT personal information leak is a very serious incident that threatens public trust in an era of digital transformation and deepening artificial intelligence."
He noted, "With SKT, which has about 25 million subscribers, experiencing a personal information leak, public concern is extremely high," and stressed, "This incident should serve as an opportunity for both the public and private sectors to strengthen the overall personal information safety management system in our society."
He called on public institutions and private companies that handle large-scale personal information to use this as an opportunity to inspect and analyze all stages of personal information processing, identify problems, and develop improvement measures. He also suggested that organizations should concretize ongoing and continuous risk management and internal control systems for personal information protection at the enterprise level.
Goh emphasized, "To achieve this, it is important to recognize both human and material investments in personal information protection as core investments rather than costs, and to establish a system that firmly secures the role and responsibility of the CPO within organizational governance."
The Personal Information Protection Commission formed a task force (TF) and immediately launched an investigation, considering the seriousness of the matter, starting from April 22, when the leak was reported by SKT. Goh added, "The Commission is conducting a strict and independent investigation, separate from the joint public-private investigation team, and both the Commission and relevant agencies are focusing their capabilities and doing their utmost to ensure a swift investigation."
During a subsequent press briefing, Goh addressed the possibility that China or North Korea could be behind the incident, stating, "In hacking cases, it is often difficult to determine the motive," and "At this stage, it has only been confirmed that the leaked information was transferred to Singapore." He added, "The TF is focusing on what happened at SKT, why it could not be prevented, and in what ways the company failed to fulfill its safety obligations."
Goh criticized SKT for notifying users several days after becoming aware of the hacking. He assessed that SKT's notification regarding the personal information leak was insufficient and passive, stating, "It is regrettable." He continued, "In the context of institutional improvement, we are further discussing and concretizing how to establish effective relief measures for individual victims."
Regarding the scale of the fine to be imposed on SKT, Goh said, "It is difficult to estimate the specific amount at this time," but also conveyed the seriousness of the situation by stating, "This is an unprecedented case, completely different from the previous LG Uplus incident."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
