Republic of Korea: Personal Information Protection Commission opened investigation into KT Corporation and LG Uplus Corporation over alleged personal data breaches

On 10 September 2025, the Personal Information Protection Commission (PIPC) announced the commencement of an investigation into KT Corporation (KT) and LG Uplus Corporation (LGU+) regarding alleged personal data breaches, following incidents involving unauthorised small-sum payments affecting KT users and reports of hacking activities disclosed by a United States security publication. The PIPC noted that it had previously monitored the situation through media reports, conducted data requests and meetings with the companies concerned, and shared information with relevant authorities to establish the facts. Although neither company filed a personal data breach notification, the PIPC initiated its investigation in response to a petition from a civic group and infringement reports from affected small-sum payment victims. The investigation will focus on determining the specific circumstances of the incidents and verifying whether personal data was compromised, under the authority provided by Article 63 of the Personal Information Protection Act, which empowers the PIPC to request materials and conduct inspections in cases of reported violations or received complaints.