Go to Contents Go to Navigation

Microsoft, five other entities fined for personal data leaks

All News 17:13 June 09, 2021

SEOUL, June 9 (Yonhap) -- South Korea's data protection watchdog said on Wednesday it imposed monetary penalties on six companies and institutions, including American technology giant Microsoft and an affiliate of local internet giant Kakao, for failing to protect personal information of their clients by negligence.

The Personal Information Protection Commission (PIPC) said that the six entities were ordered to pay 84.4 million won (US$75,700) in penalties -- penalty surcharges of 53.4 million won and administrative fines of 31 million won -- over leaks of their clients' personal information.

This file photo provided by the Personal Information Protection Commission shows the commission's signboard. (PHOTO NOT FOR SALE) (Yonhap)

The imposition of financial penalties came after the PIPC had received reports of personal information being leaked from the six entities due to hacking or employee mistakes. Besides Microsoft, the five others are Ground X, a blockchain subsidiary of Kakao, software company Innovation Academy, the Korea Professional Football League, the Korea Mountainbike Federation and the World MathFusion Olympiad Korea.

All of the six were slapped with an administrative fine and three of them -- Microsoft, Ground X and Innovation Academy -- were additionally ordered to pay penalty surcharges.

Microsoft is accused of failing to take protective measures, such as access control, for its personal information processing system administrator account. As a result, 119,432 Outlook email accounts were leaked worldwide, including 144 accounts of South Korean users. Reports of personal information leaks and user notifications were also delayed, the PIPC said, adding it imposed a penalty surcharge of 3.4 million won and a fine of 13 million won on Microsoft.

"Microsoft notified its users about its information leaks in English within 24 hours, but the Korean notice was delayed by 11 days," the PIPC said. "There was a controversy over whether notification in Korean was necessary. But it was finally concluded after a legal review that Korean users should be notified in Korean," it said.

Ground X was ordered to pay a penalty surcharge of 25 million won and a fine of 6 million won for being negligent in protecting passwords. Innovation Academy was slapped with a penalty surcharge of 25 million won and a fine of 3 million won over leak of clients' resident registration numbers.

ycm@yna.co.kr
(END)

HOME TOP
Send Feedback
How can we improve?
Thanks for your feedback!