SEOUL, April 23 (AJP) - Matchmaking firm Duo was slapped with heavy fines over a massive data leak affecting nearly 430,000 users, a state-run privacy watchdog said on Thursday.
The Personal Information Protection Commission imposed about 1.2 billion won (US$810,000) in penalties and fines on the company after a Duo employee's computer was hacked in January last year, exposing sensitive personal information of some 427,464 paid members.
The leaked information included names, contact details, resident registration numbers, and passwords, along with personal data such as height, weight, and marriage history.
The commission ordered Duo to take immediate steps to correct its lax database management and illegal practices after investigators found that it lacked even basic security measures such as systems to block access after repeated login attempts, making it easy for hackers to gain access to its database. It also used an outdated encryption method that was vulnerable to cyberattacks.
The probe also revealed violations in how the company gathered and stored personal data, as it routinely collected sensitive personal information such as resident registration numbers and failed to destroy about 300,000 records of its former members that had been kept beyond the five-year retention period, increasing the scale of the breach.
The commission added Duo took 72 hours to report the breach without a valid reason, despite recognizing the leak.
"We humbly accept the commission's decision and will do our best to prevent a recurrence and further harm," said a Duo staffer.
The Personal Information Protection Commission imposed about 1.2 billion won (US$810,000) in penalties and fines on the company after a Duo employee's computer was hacked in January last year, exposing sensitive personal information of some 427,464 paid members.
The leaked information included names, contact details, resident registration numbers, and passwords, along with personal data such as height, weight, and marriage history.
The commission ordered Duo to take immediate steps to correct its lax database management and illegal practices after investigators found that it lacked even basic security measures such as systems to block access after repeated login attempts, making it easy for hackers to gain access to its database. It also used an outdated encryption method that was vulnerable to cyberattacks.
The probe also revealed violations in how the company gathered and stored personal data, as it routinely collected sensitive personal information such as resident registration numbers and failed to destroy about 300,000 records of its former members that had been kept beyond the five-year retention period, increasing the scale of the breach.
The commission added Duo took 72 hours to report the breach without a valid reason, despite recognizing the leak.
"We humbly accept the commission's decision and will do our best to prevent a recurrence and further harm," said a Duo staffer.
Copyright ⓒ Aju Press All rights reserved.
