KT fined for personal data leakThe Korea Communications Commission (KCC) hit the nation’s No. 2 mobile carrier KT with 85 million won ($83,650) in fines after the personal information of 9.81 million KT customers was leaked between last August and February in a hack on its website.
The KCC, chaired by Choi Sung-joon, held a plenary meeting yesterday in which they discussed the administrative penalty for KT’s violation of privacy, agreed on the fine and also ordered KT to implement technical and managerial security measures to prevent a recurrence.
“KT did not implement security measures such as a system to block unauthorized access to its website and encryption technology that can safely store the private data, neglecting its duty as a mobile carrier that has a large amount of personal information from the public,” said a spokesman for the KCC.
The KCC has been investigating KT since March, when the police announced the data leak. It has since been investigating whether the nation’s second-largest mobile carrier had done enough to protect their customers’ personal information and to confirm that the information was given to a third party without consent.
The commission cited KT’s poor management of its user authentication process as the main reason for the hack. KT’s inability to block access to the data was made worse by the fact that the technique used by the hacker was widely known and that the company’s website had also been hacked in July 2012.
“We expect that the administrative measure, which recognizes the responsibility of a business that compromised people’s personal data will raise alarms at other businesses that deal with personal information,” said the KCC chief.
“We will do our best to minimize people’s damages and concerns by actively checking companies’ protective privacy measures.”
KT expressed regret over the KCC’s decision, saying that it was surprised that the KCC had imposed such harsh penalties as a violation of law since the incident was committed by professional hackers. KT said that it had done its best to comply with legal security levels.
After criticism that its sanctions were too weak, the KCC has said it will fine a business 3 percent of its sales for personal data leaks that are found to have happened since December. The commission will introduce compensation of up to 3 million won in damages to each victim.
BY KIM JUNG-YOON [email@example.com]