"AI Firm's Security Negligence" Leads to Data Leak of 13,000 in Korea...Personal Information Commission Imposes Fine
Negligence in Security Vulnerability Checks on Data Generation Applicant Recruitment Platform
Delayed Reporting of Personal Information Leak
The Personal Information Protection Commission has imposed a fine of 82 million won and a penalty of 7.2 million won on Tellus International AI (hereafter Tellus), an artificial intelligence (AI) platform operator, after the personal information of 13,622 individuals in South Korea was leaked.
Tellus, a subsidiary of a Canadian telecommunications company, operates a platform that recruits applicants who can generate and evaluate AI training data, supporting corporate clients' projects.
In 2023, the platform used by Tellus to recruit and manage applicants was hacked, resulting in the personal information of 13,622 people in South Korea and approximately 680,000 people worldwide being leaked.
According to the investigation by the Personal Information Protection Commission, Tellus neglected to check for security vulnerabilities during the process of improving platform functions. The procedure to verify administrator privileges was omitted, allowing a hacker to log in as a regular user and then access all users' data.
It was also confirmed that after recognizing the personal information leak, Tellus reported the breach more than 72 hours later without justifiable reason and delayed individual notifications to users.
Additionally, the non-profit organization Korea Institute for Accreditation Support Center was also fined 55.2 million won and penalized 6 million won after the personal information of about 20,000 members was leaked by a hacker in 2023.
Names, user IDs, passwords, mobile phone numbers, addresses, dates of birth, and resident registration numbers were leaked and published on GitHub and Telegram. The organization also failed to destroy resident registration numbers collected from members between 2001 and 2014, which exacerbated the issue.
Hot Picks Today
"Pay for the Postpartum Care Center with My Car...
- Shaken Again... "Should I Just Cancel My Trip to Japan?" Heightened Tension as E...
- "You Should Throw This Food Out of Your Fridge Immediately"... Eating This 'Zero...
- “Everyone Said You’d Make Money” ? Chinese Investors Rush In and Lose Princip...
- Once a Leading 'Outdoor Legend'...Is Nepa Headed Down the Same Path as Homeplus?...
The Personal Information Protection Commission stated, "Businesses that process personal information must regularly check for and address vulnerabilities during the development and operation of their services."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
