Republic of Korea: Issued ruling in investigation into Backpacker regarding violation of safety measures under the Personal Information Protection Act

On 23 November 2023, the Personal Information Protection Commission (PIPC) issued a decision on the investigation of Backpacker for violation of Article 29 of the Personal Information Protection Act. The PIPC found that the company failed to take the necessary security measures, which led to a hacking incident that resulted in the theft of a user's personal information. The incident was due to a lack of vigilance against SQL injection attacks. Backpacker was fined a total of KRW 227.89 million and a penalty of KRW 3.6 million.