Negligence in Security Vulnerability Checks on Data Generation Applicant Recruitment Platform
Delayed Reporting of Personal Information Leak
The Personal Information Protection Commission has imposed a fine of 82 million won and a penalty of 7.2 million won on Tellus International AI (hereafter Tellus), an artificial intelligence (AI) platform operator, after the personal information of 13,622 individuals in South Korea was leaked.
Tellus, a subsidiary of a Canadian telecommunications company, operates a platform that recruits applicants who can generate and evaluate AI training data, supporting corporate clients' projects.
In 2023, the platform used by Tellus to recruit and manage applicants was hacked, resulting in the personal information of 13,622 people in South Korea and approximately 680,000 people worldwide being leaked.
According to the investigation by the Personal Information Protection Commission, Tellus neglected to check for security vulnerabilities during the process of improving platform functions. The procedure to verify administrator privileges was omitted, allowing a hacker to log in as a regular user and then access all users' data.
It was also confirmed that after recognizing the personal information leak, Tellus reported the breach more than 72 hours later without justifiable reason and delayed individual notifications to users.
Additionally, the non-profit organization Korea Institute for Accreditation Support Center was also fined 55.2 million won and penalized 6 million won after the personal information of about 20,000 members was leaked by a hacker in 2023.
Names, user IDs, passwords, mobile phone numbers, addresses, dates of birth, and resident registration numbers were leaked and published on GitHub and Telegram. The organization also failed to destroy resident registration numbers collected from members between 2001 and 2014, which exacerbated the issue.
The Personal Information Protection Commission stated, "Businesses that process personal information must regularly check for and address vulnerabilities during the development and operation of their services."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
