Republic of Korea: Personal Information Protection Commission opened investigation into Moncler Korea's compliance with Personal Information Protection Act

On 22 January 2022, the Personal Information Protection Commission (PIPC) opened an investigation into Moncler Korea following a breach notification. Moncler detected on 17 January 2022 that its personal information processing system had been compromised through the acquisition of administrator account credentials and the distribution of malicious software to the domain controller server. This led to the unauthorised exfiltration and encryption of data relating to approximately 230'000 individuals, including identifiers, contact information, payment card details, delivery preferences, shopping characteristics, body measurements, and transaction records.