Republic of Korea: Issued PIPC fines to True Good Travel, Luan Korea, and D.H. International for breaching Personal Information Protection Act

On 14 March 2024, the Korean Personal Information Protection Commission (PIPC) imposed fines of KRW 339'907 million and penalties of KRW 18 million on True Good Travel, Luan Korea, and D.H. International. The companies were found to have violated Article 29 of the Personal Information Protection Act by failing to operate an intrusion detection system and allowing personal information handlers to access the personal information processing system from outside through the information and communication network without applying secure authentication measures. True Good Travel was fined for inadequate access controls that led to personal information being leaked through internal system breaches, while Luan Korea was penalised for failing to detect data breaches and storing sensitive information in plain text without encryption. D.H. International suffered a web shell attack resulting in the theft of personal information, highlighting the need for improved file upload restrictions and vulnerability assessments.