 |
(Photo= Yonhap news) |
[Alpha Biz= Reporter Kim Jisun] On the 23rd, the Korea Communications Commission imposed a total of 151.4196 billion KRW in fines and 7.8 million KRW in penalties on Kakao for violating personal data protection regulations, along with issuing a corrective order. This fine surpasses the previous record fine of around 75 billion KRW imposed on Golfzon, making it the largest fine in history, more than double the previous one.
Previously, the commission had conducted an investigation into Kakao's technical and managerial protective measures regarding personal information related to open chat rooms. The commission found that Kakao violated obligations related to "safety measures" and "reporting and notification of leaks." According to the commission, hackers exploited vulnerabilities in the open chat rooms and are estimated to have accessed at least 65,719 pieces of personal information. The commission concluded that Kakao violated the obligation of "safety measures" by creating temporary IDs that simply linked the member serial numbers used in general chats with open chat room information without encryption.
However, Kakao countered, stating that the allegations are "not factual." Kakao explained that "member serial numbers" or "temporary IDs" are essential information required for providing all online and mobile services, including KakaoTalk messenger. These are numeric strings that can be easily obtained by anyone, even from other social networking services (SNS). Ultimately, they contain no personal information themselves, and they alone cannot identify individuals, according to Kakao. Kakao further clarified that "service serial numbers generated by businesses are not subject to encryption under relevant laws, so not encrypting them cannot be considered a violation of the law."
The commission also pointed out that although Kakao started encrypting open chat room temporary IDs from August 2020, some previously created open chat rooms were not encrypted, allowing the continued use of temporary IDs without encryption. The commission noted that hackers exploited this vulnerability to obtain temporary IDs and member serial numbers from all open chat rooms, regardless of encryption status, and combined them with other information for sale.
In response, Kakao stated that "temporary IDs, in themselves, cannot be considered personal information as they cannot identify individuals."
AlphaBIZ Kim Jisun(stockmk2020@alphabiz.co.kr)
