Republic of Korea: Issued PIPC ruling following investigation into alleged e-commerce data protection violations

On 24 October 2024, the Personal Information Protection Commission (PIPC) issued a ruling in an investigation into two e-commerce businesses. The PIPC determined that Neopharm and Ilhak failed to protect personal information under the Personal Information Protection Act and imposed fines and penalty surcharges totalling KRW 123.17 million. Neopharm received a fine of KRW 151.7 million for allowing unauthorised access to the personal information of 293,723 members, while Ilhak was fined KRW 18 million after a hacker's SQL injection attack led to the leak of personal information of 10’000 individuals. The Commission mandated public announcements of these rulings on the companies' websites, underscoring the need for stringent security measures and periodic security checks to prevent future breaches.