Republic of Korea: Personal Information Protection Commission fined Telus International for violating safety measures

On 25 June 2025, the Korean Personal Information Protection Commission (PIPC) imposed a fine of KRW 82 million and a penalty of KRW 7.2 million on Telus for failing to uphold adequate cybersecurity measures on its platform. Telus is a platform operating company that recruits artificial intelligence creators and evaluators and supports client projects. The Telus recruitment platform was hacked in 2023, resulting in the leak of the personal information of 13'622 Korean data subjects and approximately 680,000 people worldwide. The PIPC found that Telus failed to check for security vulnerabilities during platform improvement. Consequently, administrator rights were not effectively verified, which enabled hackers to access all user data after logging in as general users. The investigation also found that while Telus took 72 hours to report the leak without justification and delayed the notification of the data subject, resulting in a penalty.