Seoul, Aug 21 (IANS) The data protection regulator here said on Thursday it will hold a plenary meeting next week to decide penalties against SK Telecom Co. over a major data breach that affected tens of millions of customers.
The Personal Information Protection Commission (PIPC) said it will convene the closed-door session next Wednesday to review proposed penalties against the country’s largest telecom operator by user numbers.
The results, however, may not be finalised if the commission’s members require further discussions, reports Yonhap news agency.
In April, SK Telecom belatedly reported the breach, in which universal subscriber identity module (USIM) data was potentially leaked during a cyberattack on its servers, prompting the company to offer free USIM replacements to around 25 million users.
The regulator earlier wrapped up an investigation into the data breach and notified SK Telecom of its planned measures late last month.
Under the personal information protection law, companies can be fined up to 3 percent of their total sales, although sales from areas unrelated to the violation can be excluded from the calculation.
Considering SK Telecom’s sales of 12.77 trillion won (US$9.13 billion) last year from its mobile communications division, the company could face a record fine of more than 300 billion won.
The PIPC fined Google and Meta a combined 100 billion won in 2022 for collecting personal information without users’ consent, which marked the highest penalty ever by the regulator.
South Korea’s telecom watchdog also ordered SK Telecom Co. to partially waive cancellation fees for non-mobile services following a major data breach that affected its 25 million mobile service users.
The move came after the country’s top carrier decided to limit the waiver of cancellation fees to mobile service customers.
The dispute resolution committee of the Korea Communications Commission said customers’ cancellations of their contracts, including non-mobile services, with SK Telecom are an “inevitable measure” sparked by the company’s negligence.
“Fixed-line services, including internet and TV, are usually sold as a combination,” the commission noted in a release, acknowledging that cancellation fees for such services are considered damage caused by the data breach.
—IANS
na/
