Personal data of 2,900 Korean customers exposed in TAG Heuer website hack

TAG Heuer's website was hacked, exposing the personal data of 2,900 Korean customers, between 2019 and 2020, Korea's data protection watchdog said Sunday.

Passersby walk in front of a TAG Heuer store in Seoul on Sunday. [YONHAP]

The personal data of some 2,900 Korean customers was leaked after TAG Heuer, a Swiss luxury watch brand owned by France's LVMH, was hacked, the Personal Information Protection Commission said Sunday.

The breached occurred between 2019 and 2020, when hackers attacked TAG Heuer's website, the country's data protection watchdog said, and obtained information such as names, sexes and nationalities.

The commission has not announced the size of the breach apart from the fact that 2,900 Koreans were impacted.

Addresses, payment information and phone numbers were not exposed, the commission added.

TAG Heuer uncovered the incident and reported it to the commission last May. The company did not publicize the event immediately, discussing it instead in a closed-door meeting.

The commission, in February, fined TAG Heuer 126 million won ($91,000) for the breach and an additional 7.8 million won for its delayed reporting. Data protection laws in effect at the time required managers of data to report breaches to the commission and notify impacted users within 24 hours of their discovery.

Korea was the first country to impose a penalty on TAG Heuer for the incident.

Public concerns surrounding the leak of personal data are growing as Chinese e-commerce platforms like AliExpress and Temu increase their presence in Korea.

Temu's personal data policy allows for the transfer of Korean customers' personal data to countries including the United States, Singapore, Japan and the Netherlands.

The commission, earlier in the month, announced that the government would evaluate the personal information processing policies of 49 companies and institutions, including AliExpress, Temu, Naver and Kakao, for the first time.

A company's processing policy is meant to detail how the entity collects and uses personal information, as well as related safety measures.

BY SARAH CHEA [chea.sarah@joongang.co.kr]