“Security remains the supplier’s responsibility even when using SaaS”: Personal Information Protection Commission (PIPC) imposes 36 billion won in fines on three luxury brands’ Korean subsidiaries

Louis Vuitton drew the heaviest penalty at KRW 21.385 billion. In that case, an employee’s machine was compromised by malware, allowing threat actors to harvest SaaS account credentials. The breach resulted in the exposure of personal data belonging to roughly 3.6 million individuals across three separate incidents between June 9 and June 13 of last year. Despite having used the SaaS platform since 2013, Louis Vuitton Korea had never implemented IP-based access restrictions or enforced stronger authentication for remote access.

Christian Dior Couture Korea was fined KRW 12.236 billion, plus an additional KRW 3.6 million in penalties. In Dior’s case, a customer service representative fell victim to a voice phishing (vishing) attack and directly provisioned SaaS access to the attacker, leading to the exposure of personal data for roughly 1.95 million individuals. The company had failed to implement IP-based access controls, had not restricted the use of bulk data export tools, and had not conducted monthly access log reviews, lapses that allowed the breach to go undetected for more than three months. The PIPC also confirmed that Dior missed the statutory 72-hour window for notifying authorities and affected individuals once the breach was discovered.

Tiffany Korea received a fine of KRW 2.412 billion and an additional KRW 7.2 million in penalties. The attack vector mirrored Dior’s: a customer service employee was socially engineered through a vishing scheme and granted the attacker access privileges, resulting in the compromise of personal information for roughly 4,600 individuals. Tiffany likewise lacked IP-based access controls and bulk download restrictions, and did not report the breach within the required 72-hour timeframe.
