Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

South Korea: PIPC fines two businesses for privacy violations

On June 27, 2024, the Personal Information Protection Commission (PIPC) published its decision as issued on June 26, 2024, in which it imposed fines on two businesses for violations of the Personal Information Protection Act (PIPA) and the Information and Communications Network Act (ICNA).

Background to the decision

The PIPC stated that regarding HotelsCombined Pty Ltd., the hotel reservation platform was designed in a way that allowed the creation of additional accounts without separate confirmation and approval procedures. The additional accounts could access detailed information including reservation and card information. The PIPC stated that a hacker utilized phishing techniques to gain unauthorized access to the names, email addresses, hotel reservation details, and card details of 1,246 Korean users. The PIPC also confirmed that notification of the breach was delayed.

Separately, the PIPC stated that Money Today Co., Ltd. was hacked and administrative accounts and member personal information were leaked. The PIPC mentioned that the hack resulted from a SQL attack which abnormally manipulates the database by using website vulnerabilities to execute malicious statements utilizing SQL. The PIPC provided that Money Today omitted safety measures and it was confirmed that information of withdrawn members was stored instead of being deleted, while the notification of a personal information breach was also delayed.

Findings of the PIPC

The PIPC stated that based on the above, HotelsCombined violated its duties under Sections 28(1) and 27-3(1) of ICNA. The PIPC mentioned the above facts and determined that Money Today violated Sections 21, 29, and 39-4 of the PIPA.

Outcomes

The PIPC imposed on HotelsCombined a fine of KRW 94.5 million (approx. $68,170) in fines and KRW 16 million (approx. $11,540) in penalties in addition to publication of the results. Regarding Money Today, the PIPC imposed fines of KRW 67.78 million (approx. $48,890) and penalties of KRW 11.4 million (approx. $8,220) in addition to the publication of these results.

You can read the press release, only available in Korean, here.