Republic of Korea: Personal Information Protection Commission imposed sanctions on ClassU Co for violation of personal information protection laws

On 9 April 2025, the Personal Information Protection Commission (PIPC) sanctioned ClassU Co for breaching the Personal Information Protection Act. The decision followed a data breach that affected approximately 1.6 million users, attributed to inadequate security measures, including the use of shared administrator accounts and the absence of encryption. As a result, the company was fined KRW 53.6 million and required to pay an additional penalty surcharge of KRW 7.2 million. It was also directed to publicly disclose the sanctions to promote transparency and accountability. The PIPC underscored the need for robust access controls and the proper deployment of intrusion detection systems to ensure the effective protection of personal information.