McDonald’s fined for data leak of 5.5M+ customers in S. Korea

South Korea’s Personal Information Protection Commission (PIPC) has imposed fines on several companies for breaching confidentiality. McDonald’s, British American Tobacco, and Samsung were among those fined.

In particular, McDonald’s received a fine of $530,000 for leaving backup files containing information about McDelivery users openly accessible. During a cyber attack, hackers gained access to the data of 4,876,106 users. McDonald’s also received a second fine of $7,700 for leaking the data of 766,846 buyers. That data should have been destroyed when its retention period expired, but it remained on the server and was stolen by cyber criminals during another incident.

British American Tobacco received a fine of $48.8 million for failing to hide the IP addresses of customers, which exposed information about 1,540 clients. Samsung Securities, a company providing investment analysis services, was fined $122 million for failing to ensure the security of its server. Cyber criminals took advantage of a vulnerability in the server and stole the data of 48,122 users.

The PIPC also found that several South Korean organizations operated their video surveillance systems improperly. Four organizations, including a plastic surgery clinic, were fined for leaving cameras on while clients changed clothes in the locker room. Another company was fined for using security cameras to track employee attendance.

The PIPC’s crackdown on companies that violate confidentiality emphasizes the importance of protecting customer data. Companies must take appropriate measures to ensure that sensitive information is not accessed by unauthorized parties.
