Latest news with #PIPC
Korea Herald
15-05-2025
- Business
- Korea Herald
China's Temu fined for transfer of Korean users' personal info
Chinese e-commerce platform Temu has been fined for secretly transferring South Korean users' personal information to China and Singapore, the state data protection watchdog here said Thursday. The Personal Information Protection Commission (PIPC) said it decided to impose a fine of 1.36 billion won ($970,000) on Temu during a plenary meeting Wednesday for violating the Personal Information Protection Act. In April last year, the PIPC launched an investigation into personal data collection and usage by Temu and AliExpress -- two major Chinese e-commerce platforms expanding aggressively in South Korea. While the watchdog imposed a fine of about 1.97 billion won on AliExpress three months later, it postponed a decision on Temu due to insufficient data on its local sales. Temu entrusted the processing or storage of personal information to multiple businesses in South Korea, China, Singapore, Japan and other countries for product delivery, but did not disclose that in its personal information processing policy, according to the PIPC. In addition, the company did not provide management and supervision, such as education on personal information protection measures, to the multiple partner businesses. Temu did not designate a domestic agent, though a daily average of 2.9 million South Korean people were using its online platform as of the end of 2023, the PIPC noted. The company is also accused of making it difficult for users to exercise their rights by forcing them to follow seven steps to cancel membership. But the PIPC said Temu has recently taken voluntary corrective measures, such as revising its information processing policy, disclosing its domestic agents and improving some of the membership withdrawal procedures. (Yonhap)
CNA
15-05-2025
- Business
- CNA
South Korea fines China's Temu for user data violations
SEOUL: South Korea has fined Chinese e-commerce giant Temu nearly US$1 million for illegally transferring Korean users' personal information to China and other countries, a data protection watchdog said Thursday (May 15). Chinese platforms such as Shein, Temu and AliExpress have skyrocketed in global popularity in recent years, offering a vast selection of products at stunningly low prices that have helped them take on United States titan Amazon. Temu outsources and stores users' data with companies in several countries, including China, Singapore, South Korea and Japan, according to Seoul's Personal Information Protection Commission (PIPC). But the company "failed to disclose in its privacy policy or notify users that personal data would be entrusted to overseas entities", it said in a statement. The PIPC said it fined Temu around 1.39 billion won (US$997,624) for violating the data protection act. The watchdog said Temu also failed to supervise overseas companies, including on data protection, and did not properly inspect their handling of personal information. As of 2023, an average of 2.9 million users in South Korea were using Temu daily, but the company did not designate a local representative as required by South Korean data protection law, the watchdog said. Temu also complicated the account deletion process with seven steps, making it "difficult for users to exercise their rights", it added. Temu respects the "decision by Korea's Personal Information Protection Commission and cooperated fully with the investigation", a company spokesperson told AFP. "We made improvements during the process to align with local requirements. We support efforts that promote consumer trust and strengthen data transparency," they added. Thursday's announcement comes weeks after the watchdog said Chinese artificial intelligence app DeepSeek was transferring personal data to a cloud services platform without users' consent. South Korea has previously blocked downloads of DeepSeek and moved to restrict its use on government-linked devices. The South Korean watchdog also fined AliExpress around 1.98 billion won last year for illegally transfering Korean users' data overseas. And it fined social media giant Meta 21.6 billion won last year for illegally harvesting sensitive data including sexual orientation from nearly a million South Korean Facebook users and sharing it with advertisers.
TechCrunch
08-05-2025
- Business
- TechCrunch
A timeline of South Korean telco giant SKT's data breach
In April, South Korea's telco giant SK Telecom (SKT) was hit by a cyberattack that led to the theft of personal data on approximately 23 million customers, equivalent to almost half of the country's 52 million residents. At a National Assembly hearing in Seoul on Thursday, SKT chief executive Young-sang Ryu said about 250,000 users have switched to a different telecom provider following the data breach. He said that expects this number to reach 2.5 million, more than tenfold the current amount, if the company waives cancellation fees. The company could lose up to $5 billion (around ₩7 trillion) over the next three years if it decides not to charge cancellation fees for users who want to cancel their contract early, Ryu said at the hearing. 'SK Telecom considers this incident the most severe security breach in the company's history and is putting forth our utmost effort to minimize any damage to our customers,' a spokesperson at SKT told TechCrunch in an emailed statement. 'The number of customers affected and the entity responsible for the hacking is under investigation,' the spokesperson added. A joint investigation involving both public and private entities is currently underway to identify the specific cause of the incident. The Personal Information Protection Committee (PIPC) of South Korea announced on Thursday that 25 different types of personal information, including mobile phone numbers and unique identifiers (IMSI numbers), as well as USIM authentication keys and other USIM data, had been exfiltrated from its central database, known as its home subscriber server. The compromised data can put customers at greater risk of SIM swapping attacks and government surveillance. After its official announcement of the incident on April 22, SKT has been offering SIM card protection and free SIM card replacements to prevent further damage to its customers. 'We detected possible information leakage regarding SIM on April 19,' the spokesperson at SKT told TechCrunch. 'Following the identification of the breach, we immediately isolated the affected device while thoroughly investigating the entire system.' 'To further safeguard our customers, we are currently developing a system that can protect users' information through the SIM protection service while allowing them to use roaming services seamlessly outside of Korea by May 14,' the spokesperson said. To date, SKT has not received any reports of secondary damage and no verified instances of customer information being distributed or misused on the dark web or other platforms, the company told TechCrunch. A timeline of SKT's data breach April 18, 2025 SKT detected abnormal activities on April 18 at 11:20 pm local time. SKT found unusual logs and signs of files having been deleted on equipment that the company uses for monitoring and managing billing information for its customers, including data usage and call durations. April 19, 2025 The company identified a data breach on April 19 in its home subscriber server in Seoul, which typically houses subscriber information, including authentication, authorization, location, and mobility details. April 20, 2025 SKT reported the cyberattack incident to Korea's cybersecurity agency on April 20. April 22, 2025 SKT confirmed on its website that it detected suspicious activity, indicating a 'potential' data breach involving some information related to users' USIMs data. April 28, 2025 SKT began replacing mobile SIM cards of 23 million users, but the company has faced shortages in obtaining sufficient USIM cards to fulfill its promise to provide free SIM card replacements. April 30, 2025 South Korean police began investigating SKT's suspected cyberattack on April 18. April 30, 2025 South Korean police began investigating SKT's cyberattack on April 30. According to local media reports, many South Korean companies, including SKT, use Ivanti VPN equipment, and that the recent data breach may be connected to China-backed hackers. Per a local media report, SKT said it received a cybersecurity notice from KISA instructing the company to turn off and replace the Ivanti VPN. TeamT5, a cybersecurity company based in Taiwan, alerted the public to the worldwide threats posed by a government-backed group linked to China, which allegedly took advantage of vulnerabilities in Ivanti's Connect Secure VPN systems to gain access to multiple organizations globally. Some 20 industries have been affected, including automotive, chemical, financial institutions, law firms, media, research institutes, and telecommunications, across 12 countries, including Australia, South Korea, Taiwan, and the United States. May 6, 2025 A team of public and private investigators discovered an additional eight types of malware in SKT's hacking case. The team is currently investigating whether the new malware was installed on the same home subscriber server as the original four strains or if they are located on separate server equipment. May 7, 2025 Tae-won Chey, the chairman of SK Group, which operates SKT, publicly apologized for the first time for the data breach, some three weeks after the breach occurred. As of May 7, all eligible users have been signed up for the SIM protection service, except those living abroad using roaming services and temporarily suspended, the spokesperson told TechCrunch, adding that its fraud detection system has already been set up for all customers to prevent unauthorized login attempts using cloned SIM cards. May 8, 2028 SKT is currently assessing how to handle the cancellation fees for users affected by the data breach incident. About 250,000 users have switched to another telecom provider following the breach, according to the company's chief executive at a National Assembly hearing. South Korean authorities, meanwhile, announced that 25 types of personal information were leaked from the company's databases during the cyberattack.
Mint
28-04-2025
- Business
- Mint
DeepSeek returns to South Korean App Stores after privacy policy overhaul: What it means for users
DeepSeek, a Chinese artificial intelligence (AI) platform, has returned to South Korea's app stores after a two-month suspension prompted by data protection concerns. The service, which was initially launched in January, was temporarily pulled from the market in February after South Korean authorities raised issues regarding the handling of user data. South Korea's Personal Information Protection Commission (PIPC) had cited that DeepSeek transferred user data and queries to third parties without proper consent, which led to the suspension of the app's download options in the country. However, on Monday, the app became available again for download through major platforms, including Apple's App Store and Google Play Store. Addressing the criticism, DeepSeek has updated its privacy policy, pledging that it now handles personal data in strict accordance with South Korea's Personal Information Protection Act (PIPA). The updated policy also gives users the option to refuse the transfer of their data to certain companies in both China and the United States. 'We process your personal information in compliance with the Personal Information Protection Act of Korea,' the company stated in its latest privacy policy update. While the app is now accessible again, South Korea's data protection agency has confirmed that DeepSeek voluntarily chose to reinstate the app after making certain adjustments in line with the agency's recommendations. Authorities clarified that the app is free to resume operations, having partially addressed the privacy concerns raised earlier. Despite the improvements, DeepSeek did not immediately comment on the matter following the app's return to the market. Notably, the controversy over DeepSeek highlights ongoing concerns about data privacy, particularly in relation to foreign tech services operating in South Korea. While the country has strict regulations governing the collection and transfer of personal data, tensions remain over how international companies manage user information. (With inputs from Reuters) First Published: 28 Apr 2025, 09:18 PM IST
Korea Herald
28-04-2025
- Business
- Korea Herald
DeepSeek resumes service in S. Korea after disclosing revised info processing policy
Chinese artificial intelligence service DeepSeek resumed its service in South Korea after it disclosed a Korean-language version of its partially revised information policy Monday amid controversy over its data management. DeepSeek is currently available for downloads from app markets here following a service suspension for about two months since Feb. 15. Earlier in the day, the AI service disclosed the improved information processing policy for Korean users after the Personal Information Protection Commission revealed last week that DeepSeek transferred Korean users' personal information to three companies in China and one in the United States without obtaining their consent and disclosing the transfer in its personal information processing policy. DeepSeek also sent what users entered into the prompts to Volcano, a Chinese company affiliated with ByteDance, the parent company of Chinese social media platform TikTok, the PIPC said, asking the Chinese company to faithfully establish legal grounds for its overseas information transfers, immediately destroy the prompt information and disclose its Korean-language information processing policy. In its revised policy, DeepSeek established a separate supplementary regulation for South Korea, stating that it will process personal information in compliance with the Korean Personal Information Protection Act. "DeepSeek has said it will fully comply with the Personal Information Protection Commission's disposition, and will report the results of the corrective and improvement recommendations within 60 days," an official at the PIPC said.
