Golfzon faces record $5.47 mil. fine for customer data breach
Golfzon was fined 7.5 billion won ($5.47 million), the largest fine ever imposed on a company here, for leaking the personal information of over 2.21 million customers by the Public Information Protection Commission (PIPC), Thursday.
The state-run agency responsible for data protection said it decided to impose such a fine in a plenary meeting on Wednesday.
Golfzon is the country’s leading golf simulator provider.
The information leak occurred in November 2023 when the company suffered a ransomware attack. Ransomware is a type of malware that encrypts the victim’s files and demands a ransom be paid for their decryption.
PIPC said the hackers then exposed the personal information of more than 2.21 million customers and employees, including names, phone numbers, email addresses and birthdays on the dark web, which refers to web pages that can’t be found on traditional search engines.
The commission investigated Golfzon’s compliance with the Personal Information Protection Act in response to the breach and found that the company was unaware that a large amount of personal information, including resident registration numbers, was being stored and shared on its file server.
“We set the fine at the average of the company’s sales from 2020 to 2022, the three years before the incident,” Kang Dae-hyun, head of investigation division 1 of the PIPC, said. “This case emphasizes the need for thorough privacy protection measures to be applied in internal business areas that handle customer information.”