[Weekend Briefing] Luxury online shopping site fined $405K over data breaches

By Dain Oh and Kuksung Nam, The Readable
Aug. 12, 2022 9:58PM KST Updated Aug. 15, 2022 2:26PM KST

Hello, this is Dain Oh and Kuksung Nam in South Korea. This week, people living in South Korea witnessed unprecedented rain. The downpour swept away 12 people’s lives so far and 7 people are still missing. The Readable team hopes you and your beloved ones remain safe.

Here are five news stories that we have prepared for you.

1. Luxury Online Shopping Site Fined $405K Over Data Breaches

The South Korean government fined a luxury online shopping site, Balaan, for exposing personal information of its 162 million users. According to a press release by the Personal Information Protection Commission of South Korea, unidentified hackers penetrated the site twice, last March and April respectively, by using administrative accounts which had been neglected. After investigating the incidents, the PIPC concluded that Balaan did not properly manage the accounts which were supposed to be deleted when not used and failed to protect its personal information management system by restricting IP addresses which try to get access. Moreover, Balaan turned out to have omitted crucial information of the incidents, such as what and when the information was exposed, while notifying its users. The Personal Information Protection Act of South Korea requires personal information processors to notify the victims of data breaches, including what and when their information was exposed, within 24 hours after a cybersecurity breach occurs. The users’ names, addresses, and mobile phone numbers were included among the leaked information. The Commission fined Balaan 526,990,000 won in total (approximately $405,000).

2. South Korea, US Meet to Address North Korean Cyber Threats

South Korean and U.S. government officials met in Washington D.C. to address North Korean cyber threats. According to a press release by the Ministry of Foreign Affairs of South Korea, the first working group meeting between South Korea and the U.S. on North Korean cyber threats was held on August 9. “The two sides reached a common understanding that close coordination between the two countries is crucial to block the DPRK’s attempts to generate hard currency for its nuclear and missile programs through overseas information technology workers and cryptocurrency heists,” said the Ministry through the statement. The meeting was organized as a subsequent discussion, followed by the joint statement which was released after the two nations’ first bilateral summit took place on May 21. South Korean President Yoon Suk-yeol and U.S. President Joe Biden promised to “significantly expand cooperation to confront a range of cyber threats from the DPRK, including but not limited to, state-sponsored cyberattacks.”

3. Bill Gates to Deliver Address to South Korean Congress

Bill Gates, the co-chair of the Bill and Melinda Gates Foundation, will speak next Tuesday to members of the congress about how global cooperation became essential in the fight against COVID-19 and in preparation for future pandemics. The co-chair plans to stay in South Korea for three days beginning next Monday, the National Assembly Secretariat said in a press release on Tuesday. This will be the second time the co-chair will be delivering the address in the National Assembly. In April 2013, the co-chair delivered a speech to South Korea’s congress on the activities and prospects of the Gates Foundation.

4. High School Fined Over Installing Surveillance Camera in Bathrooms

The Personal Information Protection Commission (PIPC) announced on Wednesday that they had decided to impose a 5 million won fine ($3,800) on an all-male private high school in Gyeongju, a city in southeastern South Korea, for putting CCTV cameras in the school’s student bathrooms. The decision was settled in the thirteenth plenary session of the PIPC. According to a statement released to the press, the school claimed that they had installed the cameras at the request of the parents to prevent students from smoking or fighting in the bathrooms. However, the regulatory authority rejected the claim and fined the school for violating the privacy law. The private school has removed all of the surveillance cameras that were installed in the school’s student bathrooms in November 2021 after the PIPC started their inspection in June of last year, said an official in the PIPC.


The cover image of this article was designed by Areum Hwang.

Notification to our readers: There were five news stories in the original reporting and the fifth story has been deleted at the source's request.

Dain Oh is an award-winning cybersecurity journalist based in South Korea and the founding editor-in-chief of The Readable by S2W. Before joining S2W, she worked as a reporter for The Electronic Times, the top IT newspaper in Korea, covering the cybersecurity industry on an in-depth level. She reported numerous exclusive stories, and her work related to the National Intelligence Service led to her being honored with the Journalist of the Year Award in 2021 by the Korea Institute of Information Security and Cryptology in a unanimous decision. She was also the first journalist to report on the hacking of vulnerable wallpads in South Korean apartments, which later became a nation-wide issue.

Kuksung Nam is a cybersecurity journalist for The Readable. She covers cybersecurity issues in South Korea, including the public and private sectors. Prior to joining The Readable, she worked as a political reporter for one of the top-five local newspapers in South Korea, The Kyeongin Ilbo, where she reported several exclusive stories regarding the misconduct of local government officials. She is currently focused on issues related to anti-fraud, as well as threats and crimes in cyberspace. She is a Korean native who is fluent in English and French, and she is interested in delivering the news to a global audience.