The Personal Information Protection Commission (PIPC) is intensifying its investigation and penalties related to major data breaches, leading to a heated debate over the scale of these incidents. Following a recent decision to impose a fine of 620 billion won on Coupang, the financial burden on companies could escalate significantly as the scale of breaches increases. Meanwhile, users are taking proactive steps to enhance their account security.
According to the security industry on June 18, KT is expected to face penalties next month as part of the ongoing investigation into significant data breaches. Tving and CU, which have recently come under scrutiny, are also classified as major incidents, raising public awareness about data protection.
Particularly concerning is the discrepancy in estimates regarding the scale of the Tving data breach, with figures ranging from approximately 13 million to 19 million users. Data obtained by the office of Democratic Party lawmaker Lee Jeong-heon from the PIPC indicates that around 19.5 million personal records may have been compromised, but the final scale remains undetermined as investigations continue.
Industry analysts suggest that the methodology used to calculate the breach scale could vary based on whether free users, dormant accounts, accounts created through bundled services with telecommunications companies, and duplicate accounts are included. The confirmed scale will likely influence the level of fines imposed.
For users who registered using external accounts from Naver, Kakao, or Apple, there is a possibility that the same individual may manage multiple types of accounts. Therefore, establishing accurate criteria during the investigation will be a key issue. The PIPC is also examining not only the confirmed scale of the breach but also the response process from the time the incident was recognized to when it was reported, as well as compliance with safety measures.
As these incidents continue, user responses are becoming more rapid. Recently, social media and online communities have seen a surge in posts sharing methods for changing passwords for Naver, Google, and Kakao accounts, setting up two-factor authentication, organizing unused accounts, and disconnecting linked external services. There is a growing awareness that data breaches are not limited to specific services but can also affect linked accounts, prompting users to review their overall account security.
Tving supports easy login through its own membership registration as well as CJ ONE, Naver, Kakao, and Apple accounts. Consequently, users are advised to change not only their Tving account passwords but also the passwords for the primary accounts used for login, and to check login histories and connected devices. There is a prevailing sentiment that using the same password across multiple platforms could lead to broader security issues, prompting recommendations to set unique passwords for each service and implement two-factor authentication.
The use of government-provided personal information protection services has also surged. According to the PIPC, the number of applications for the 'Website Withdrawal Support Service' on the personal information portal reached 80,321 as of 4:40 PM on June 15. This marks a threefold increase compared to the 26,851 applications received on June 11.
Interest in services such as the Korea Internet & Security Agency's (KISA) 'Find My Leaked Information' and the PIPC's 'Website Withdrawal Support Service' is also rising. This increase is attributed to a growing demand for users to check whether their information has been exposed to other services and to organize unused accounts following the data breach incidents.
* This article has been translated by AI.
Copyright ⓒ Aju Press All rights reserved.