As the aftermath of the hacking of Yes24, which has 20 million subscribers, continues, attention is focusing on the level of disciplinary action the government will take. With the concealment of the hack and false explanations having sparked controversy, imposing a penalty as well as fines is inevitable.

Employees come and go at Yes24 headquarters in Yeongdeungpo-gu, Seoul, June 13. / News 1

According to industry sources on the 18th, the Personal Information Protection Commission launched an investigation into the leakage of Yes24 personal information on June 11. The commission will check the details of the leakage, the extent of the damage, and compliance with safety measures at Yes24, and will act on any violations of the Personal Information Protection Act in accordance with related laws and regulations.

First of all, there is a possibility that Yes24 will be fined for late reporting. Yes24 believes that it complied with the regulations by reporting the ransomware attack on June 9 to the Korea Internet & Security Agency and the Personal Information Commission on June 11. However, an official from the Personal Information Commission explained, "The contents of the report itself were done according to the regulations, but the exact timing of recognition can only be known by investigating," adding, "This is because the timing of recognition sometimes changes during the investigation process."

The current enforcement ordinance of the Information and Communication Network Act stipulates that information and communication service providers must report the date, time, cause and damage of the infringement to the Minister of Science and ICT or KISA within 24 hours from the time when they become aware of the infringement. Failure to comply with this law will result in a fine of up to 30 million won (27,400 U.S. dollars). In addition, according to the Personal Information Protection Act, a report must be made to the Personal Information Commission within 72 hours.

If personal information was leaked and Yes24's negligence is recognized in the process, there is a possibility that a penalty will be imposed in addition to fines. According to the current amendment to the Personal Information Protection Act, the penalty is 3% of total sales. Yes24's consolidated annual sales in 2024 were 671.1 billion won. Calculated on this basis, the penalty is expected to be about 20 billion won.

Yes24, however, claims that there was no leakage of personal information. The Personal Information Commission, for its part, said it confirmed signs of abnormal queries of member information at the time the investigation was launched, and expects the results of the investigation to reveal whether personal information was leaked.

A similar case to Yes24 is Golf Zone in 2023. At that time, Golf Zone was attacked by ransomware and the personal information of 2.21 million customers was hacked. Golf Zone membership information was uploaded to the dark web as it was. In response, the Personal Information Commission levied 7.5 billion won (7.5 million U.S. dollars) in penalties and 5.4 million won in fines on Golf Zone in 2024.

An IT-related lawyer explained, "If it is proved that personal information was leaked due to Yes24's fault, a fine could be imposed."

fun3503@chosunbiz.com
