 Firms to face fines for multiple data breaches, incentives for boosting security
Korea JoongAng Daily

Home > National > Social Affairs

print dictionary print

Firms to face fines for multiple data breaches, incentives for boosting security

Published: 11 Sep. 2025, 17:42
Choi Jang-hyuk, vice chair of the Personal Information Protection Commission, briefs the press on plans to strengthen personal data protection measures following the SK Telecom customer data leak at the government complex in Seoul on Sept. 11. [YONHAP]

Choi Jang-hyuk, vice chair of the Personal Information Protection Commission, briefs the press on plans to strengthen personal data protection measures following the SK Telecom customer data leak at the government complex in Seoul on Sept. 11. [YONHAP]

 
Korea plans to impose fines on companies that suffer repeated personal data breaches and hold CEOs responsible for data protection. The government also intends to offer incentives to firms that take proactive steps to protect personal information, the Personal Information Protection Commission (PIPC) announced Thursday.
 
The move follows April’s SIM card hacking incident at SK Telecom, which highlighted the need for stronger legal and technical safeguards.
 

Related Article

President Lee Jae Myung said last Thursday that “the government must prepare measures to ensure a strong response, including punitive fines, against companies that suffer repeated security breaches.”
 
The government will revise laws and regulations to ensure strict penalties for data breaches. Companies that suffer multiple hacks using the same method will face heavier fines, and fines will be considered as a long-term measure. Authorities are also exploring ways to direct the fines toward compensation for victims. The revision will explicitly state that a company’s chief executive bears final responsibility for protecting personal information.
 
A pedestrian with a phone walks by a wireless store in Seoul with a notice about SK Telecom's rate plans on Sept. 2. [YONHAP]

A pedestrian with a phone walks by a wireless store in Seoul with a notice about SK Telecom's rate plans on Sept. 2. [YONHAP]

 
Companies that go beyond legal requirements will receive incentives. Firms that encrypt optional data like phone numbers and addresses or install fraud detection systems to block suspicious activity will see their fines reduced if a breach occurs.
 
Companies that handle data for more than one million people or post revenue above 150 billion won ($108 million) — and are required to appoint a chief privacy officer — will also qualify for incentives if they assign at least one dedicated data protection staff member or allocate at least 10 percent of their information technology budget to data protection.
 
The PIPC said it will draft the legislative revisions this year and submit them to the National Assembly in the first half of next year. Proposals requiring longer review, such as the fine system, will undergo stakeholder consultations through next year.
 
Separately, the commission fined Moncler Korea 81 million won and imposed a separate 7.2 million won penalty for violating the Personal Information Protection Act after the personal data of 230,000 customers was leaked. Investigators found that the company failed to introduce an additional authentication step beyond ID and password access for its website administrators between June 2019 and January 2022. Hackers exploited the gap to deploy malware on the server and steal data.
 
Moncler Korea also delayed notifying customers. The company became aware of the leak on Jan. 17, 2022, but failed to notify customers within the legally required 24 hours, without justification.


This article was originally written in Korean and translated by a bilingual reporter with the help of generative AI tools. It was then edited by a native English-speaking editor. All AI-assisted translations are reviewed and refined by our newsroom.
BY HAN EUN-HWA [[email protected]]
tags korea data breach privacy personal information protection commission sk telecom moncler korea

More in Social Affairs

Sejong bathhouse owner gets suspended sentence for electrocution deaths

Firms to face fines for multiple data breaches, incentives for boosting security

Coupang joins 600 billion won gov't startup fund in 'unicorn hunt'

Korean detainees in Georgia leave ICE processing center, head to Atlanta airport

Out-of-wedlock births skyrocket as social attitudes change, young couples game the system

Related Stories

Kakao fined $11.1 million for 2023 data breach

Police investigate leak of court, prosecution, police officials' personal information

Korea talks AI at worldwide tech summit

Chanel Korea fined for excessive data collection

Personal information watchdog fines SK Telecom $97 million over massive data leak
Log in to Twitter or Facebook account to connect
with the Korea JoongAng Daily
help-image Social comment?
s
lock icon

To write comments, please log in to one of the accounts.

Standards Board Policy (0/250자)