South Korea’s data protection watchdog imposed monetary penalties on six companies and institutions, including technology giant Microsoft and an affiliate of local internet giant Kakao, for failing to protect the personal information of their clients by negligence.

The Personal Information Protection Commission (PIPC) said that the six entities were ordered to pay 84.4 million won (US$75,700) in penalties — penalty surcharges of 53.4 million won and administrative fines of 31 million won — over leaks of their client’s personal information.

The imposition of financial penalties came after the PIPC had received reports of personal information being leaked from the six entities due to hacking or employee mistakes.

Besides Microsoft, the five others are Ground X, a blockchain subsidiary of Kakao, software company Innovation Academy, the Korea Professional Football League, the Korea Mountainbike Federation and the World MathFusion Olympiad Korea.

Buy Me A Coffee

All of the six were slapped with an administrative fine and three of them — Microsoft, Ground X and Innovation Academy — were additionally ordered to pay penalty surcharges.

Microsoft is accused of failing to take protective measures, such as access control, for its personal information processing system administrator account. As a result, 119,432 Outlook email accounts were leaked worldwide, including 144 accounts of South Korean users.

Reports of personal information leaks and user notifications were also delayed, the PIPC said, adding it imposed a penalty surcharge of 3.4 million won and a fine of 13 million won on Microsoft.

READ
Critical Vulnerability Found in LiteSpeed Cache Plugin, Affecting Millions of WordPress Sites

“Microsoft notified its users about its information leaks in English within 24 hours, but the Korean notice was delayed by 11 days,” the PIPC said. “There was a controversy over whether notification in Korean was necessary. But it was finally concluded after a legal review that Korean users should be notified in Korean,” it said.

Ground X was ordered to pay a penalty surcharge of 25 million won and a fine of 6 million won for being negligent in protecting passwords. Innovation Academy was slapped with a penalty surcharge of 25 million won and a fine of 3 million won over the leak of clients’ resident registration numbers.