Seoul: South Korea's data protection regulator is likely to finalize penalties against SK Telecom Co. as early as this month over a major data breach that affected all of its 25 million users, officials said Tuesday.
According to Yonhap News Agency, the Personal Information Protection Commission (PIPC) gave preliminary notice to SK Telecom late last month about the measures based on its investigation into the data leak, allowing the company at least 14 days to submit an opinion. After SK Telecom files the opinion, the privacy watchdog will propose the finalized measures during a plenary session, which could take place as early as August 27.
A PIPC official mentioned, "While it's difficult to pinpoint an exact date, (we) seek to produce results as soon as possible." The investigation by the privacy watchdog focused on whether the company properly notified its users about the data leak and adhered to legally mandated security protocols.
Under PIPC regulations, companies can be fined up to 3 percent of their total sales. However, sales from areas unrelated to the law violation can be excluded from the calculation. SK Telecom reported the breach in April, revealing that universal subscriber identity module data was potentially leaked during an unidentified cyberattack on its servers.