Republic of Korea: Personal Information Protection Commission fined 2K Games KRW 217.1 million for noncompliance with security obligations

Personal Information Protection Commission fined 2K Games KRW 217.1 million for noncompliance with security obligations

On 11 December 2025, the Personal Information Protection Commission (PIPC) fined 2K Games KRW 217.1 million for a personal information breach affecting approximately 12,906 domestic users. The breach, discovered around 28 September 2022, occurred after hackers accessed helpdesk administrator accounts. The PIPC found that 2K Games had not implemented additional authentication measures for system access since 2011 and delayed reporting the incident to the PIPC and notifying affected users, in breach of the Personal Information Protection Act in effect at the time.

Original source

Scope

Policy Area

Data governance

Policy Instrument

Cybersecurity regulation

Regulated Economic Activity

software provider: other software

Implementation Level

national

Government Branch

executive

Government Body

data protection authority

Complete timeline of this policy change

Hide details

2025-12-11

in force

On 11 December 2025, the Personal Information Protection Commission (PIPC) fined 2K Games KRW 217.1…

Description

Personal Information Protection Commission fined 2K Games KRW 217.1 million for noncompliance with security obligations

Scope

Complete timeline of this policy change