LG Uplus fined 6.8 bln won over personal data breach

South Korea’s data protection watchdog on Wednesday fined LG Uplus Corp. 6.8 billion won (US$5.27 million) in a personal information breach case, the largest sum ordered by the watchdog for a South Korean firm.

The Personal Information Protection Commission slapped South Korea’s No. 3 mobile carrier with the fine, saying the company’s customer authentication system (CAS) was “inadequate” overall, and its lack of investment and effort to protect customer information led to the leakage.

LG Uplus said in January the personal data of approximately 300,000 customers, including their names, birth dates, home addresses and phone numbers, had been breached in a cyberattack and exposed on an illegal website.

The commission suspected personal information stored on the carrier’s CAS was compromised in June 2018, and noted the carrier failed to do enough to protect personal information stored on its system.

Along with the fine, the commission ordered LG Uplus to strengthen the role of its chief privacy officer and rebuild its internal system to safeguard customer data.

It also called on the carrier to swiftly implement a series of safety measures LG Uplus had vowed to take following January’s incident.

“We sincerely apologize once again for any inconvenience the breach might have caused to our customers,” the company said in statement.

In February, the telecommunications service provider said it would invest 100 billion won annually to improve its network security and prevent any recurrence of such cyberattacks. It also said it will hire security specialists to review its network system and strengthen its response capabilities.

The company said it spent 64 billion won on data protection in the first half of this year.