South Korea’s Personal Information Protection Commission (PIPC) has imposed a fine of KRW 82 million and a penalty of KRW 7.2 million on Telus for failing to uphold adequate cybersecurity measures on its platform. Telus is a platform operating company that recruits AI creators and evaluators and supports client projects. The Telus recruitment platform was hacked in 2023, resulting in the leak of the personal information of 13,622 Korean data subjects and approximately 680,000 people worldwide. The PIPC found that Telus failed to check for security vulnerabilities during platform improvement. Consequently, administrator rights were not effectively verified, which enabled hackers to access all user data after logging in as general users. The investigation also found that while Telus took 72 hours to report the leak without justification and delayed the notification of the data subject, resulting in a penalty.
Click here for the official article/release
Disclaimer
The Legal Wire takes all necessary precautions to ensure that the materials, information, and documents on its website, including but not limited to articles, newsletters, reports, and blogs (“Materials”), are accurate and complete. Nevertheless, these Materials are intended solely for general informational purposes and do not constitute legal advice. They may not necessarily reflect the current laws or regulations. The Materials should not be interpreted as legal advice on any specific matter. Furthermore, the content and interpretation of the Materials and the laws discussed within are subject to change.
