Republic of Korea: Personal Information Protection Commission imposed sanctions on KT Alpha Co for alleged violation of personal information protection laws

On 9 April 2025, the Personal Information Protection Commission (PIPC) sanctioned KT Alpha Co for breaching the Personal Information Protection Act. Following a credential stuffing attack that compromised 98,000 user accounts, the company was fined KRW 4.91 million, with a KRW 6.9 million surcharge for failing to implement adequate safety measures. The PIPC also ordered KT Alpha to publicly disclose the penalties to promote transparency and accountability. It stressed the need for strict access controls and effective detection systems to protect personal data.