Kakao fined $11.1 million for 2023 data breach
이 글자크기로 변경됩니다.
(예시) 가장 빠른 뉴스가 있고 다양한 정보, 쌍방향 소통이 숨쉬는 다음뉴스를 만나보세요. 다음뉴스는 국내외 주요이슈와 실시간 속보, 문화생활 및 다양한 분야의 뉴스를 입체적으로 전달하고 있습니다.
Korean tech giant Kakao was fined 15.1 billion won ($11.1 million), the highest penalty ever imposed on a domestic firm, by the country’s privacy watchdog for leaking more than 65,000 users’ personal data last year.
The KakaoTalk operator opposed the decision, saying that it would take potential legal action to contest it.
The Personal Information Protection Commission (PIPC) said Thursday that it had approved the fine during its plenary session on Wednesday, concluding that Kakao's negligence in protecting user information was responsible for the data leak.
The fine is more than twice the highest recorded the PIPC has ever imposed, which was levied on screen golf chain Golfzon in May.
The PIPC launched an investigation into Kakao last March following media reports that user information from the open chat service on KakaoTalk, the country’s dominant messaging app, was being illegally traded on websites, including those that sold online marketing programs.
KakaoTalk offers a number of open chat rooms that any user can join. Participants are able to create a temporary user ID for each one they join, which is tied to a purportedly private serial number. Kakao, however, failed to encrypt some serial numbers used in open chat rooms before August 2020, allowing hackers to identify them through a vulnerability in the platform's contact adding function, according to the PIPC. This allowed the hackers to identify the users' real names, phone numbers and open chat room nicknames.
The utilized hacking methods had previously been revealed in online developer communities, according to the PIPC, but did not prompt Kakao to take action. Kakao also failed to report the incident immediately after becoming aware of it, the commission added.
“The agency has confirmed that hackers accessed at least 65,710 users’ personal information,” said Nam Suk, the PIPC's director-general for investigation and coordination, adding that data from 696 users of KakaoTalk's open chat rooms had been sold and uploaded onto “other websites.”
Police are currently investigating the exact scope of the data leak, Suk said.
Kakao said in a news release Thursday that the “hackers’ illegal activities” should not be attributed to “negligence” in the company's security measures and contested that the leaked data constituted personal information.
“Users’ serial numbers and ad hoc IDs do not contain any personal information in itself and cannot be used to identify individuals. The serial numbers generated by the service are not legally required to be encrypted, so not encrypting them cannot be considered a violation of the law,” Kakao said.
“We are constantly monitoring external communities and social network services and inspecting security issues through a task force.”
The company added that it will be “looking into legal measures including administrative litigation” in response to the PIPC’s decision.
BY LEE HAY-JUNE, KIM JU-YEON [kim.juyeon2@joongang.co.kr]
Copyright © 코리아중앙데일리. 무단전재 및 재배포 금지.
- Concerts over cosmetics: Korea's tourism posts biggest deficit in 5 years
- Nerve agent powder discovered in passenger's bag at Incheon Airport
- Naver at risk of losing Thailand, Taiwan messenger businesses
- SNU grads arrested for fake pornography of women on campus
- [단독] 한국에 온 머스크의 칼… 테슬라코리아 희망퇴직 단행
- Convicted rapist Jung Joon-young leaves prison after five-year sentence
- Korean among injured after severe turbulence hit Singapore-bound flight, killing British man
- Estranged wife of SK chairman claims husband spent over 100 billion won on live-in partner
- Fans flock to 'Lovely Runner' pop-up store in Yeouido
- Koo Ha-ra played pivotal role in exposing the Burning Sun scandal: BBC