South Korea: Fines Two Companies for Data Breaches Due to Security Lapses

Written By Jerry Sin

South Korea’s Personal Information Protection Commission (PIPC) has fined two companies for failing to prevent data breaches caused by SQL injection attacks.

On 27 February 27, the PIPC announced fines for Business On Communication Co., Ltd. and NHNWI2 Co., Ltd., totaling KRW 139.7 million ($96,230) and KRW 71.7 million ($49,150), respectively.

These companies were targeted in cyberattacks that exposed sensitive user data:

  • Business On Communication suffered a breach affecting 179,386 users, leaking names, IDs, email addresses, and contact details.

  • NHNWI2 had a larger breach, compromising 534,903 sellers and customers, including resident registration numbers.

The PIPC found both companies violated South Korea’s Personal Information Protection Act (PIPA) by failing to:

  • Implement adequate security measures.

  • Promptly report the breaches.

  • Properly manage or delete personal data when no longer needed.

The PIPC’s decision reinforces the importance of strong cybersecurity measures and timely breach reporting. Companies handling personal data in South Korea must comply with strict privacy laws or face significant penalties.

For further details, official press release is available - here

Jerry Sin
Previous

How to Protect Against Cyberattacks That Overload Websites
Next

South Korea: Investigates DeepSeek's Data Practices with Global Partners