Republic of Korea: Issued ruling in investigation into iMarket over personal data leakage

On 22 March 2023, the Korean Personal Information Protection Committee (PIPC) issued its ruling in the investigation into iMarket Korea Co. (iMarket), imposing a fine of KRW 18.95 million and a penalty of KRW 3 million. In particular, the PIPC found that iMarket failed to implement preventive and sufficient security measures to protect the stored data, which led to the exposure of 4'894 customers' personal data. Specifically, iMarket did not restrict access to personal data through IP addresses.