South Korea’s data protection watchdog said on Wednesday that it has imposed monetary penalties on six companies and institutions, including technology giant Microsoft and an affiliate of local internet giant Kakao, for failing to protect their clients’ personal information by negligence.
The Personal Information Protection Commission (PIPC) said that the six entities were ordered to pay 84.4 million won (US$75,700) in penalties – penalty surcharges of 53.4 million won and administrative fines of 31 million won – over leaks of their client’s personal information.
The imposition of financial penalties came after the PIPC had received reports of personal information being leaked from the six entities due to hacking or employee mistakes.
Besides Microsoft, the five others are Ground X, a blockchain subsidiary of Kakao, software company Innovation Academy, the Korea Professional Football League, the Korea Mountainbike Federation, and the World MathFusion Olympiad Korea.
All of the six were slapped with an administrative fine, and three of them – Microsoft, Ground X, and Innovation Academy – were additionally ordered to pay penalty surcharges, reports Yonpah news agency.
Microsoft is accused of failing to take protective measures, such as access control, for its personal information processing system administrator account. As a result, 119,432 Outlook email accounts were leaked worldwide, including 144 accounts of South Korean users.
Reports of personal information leaks and user notifications were also delayed, the PIPC said, adding it imposed a penalty surcharge of 3.4 million won and a fine of 13 million won on Microsoft.
“Microsoft notified its users about its information leaks in English within 24 hours, but the Korean notice was delayed by 11 days,” the PIPC said. “There was a controversy over whether notification in Korean was necessary. But it was finally concluded after a legal review that Korean users should be notified in Korean,” it said.