Major corporations such as SK Telecom, YES24, and GS Retail have seen a string of large-scale personal data breaches, but the Personal Information Protection Commission (Personal Information Protection Commission) has had only 31 investigators for the fourth year, raising concerns about investigation delays.
According to the government on the 9th, the Personal Information Protection Commission's investigation workforce has remained at 31 since 2022, and six of them are temporary positions.
The problem is that hacking and the scale of leaks are surging. Even the cases the Personal Information Protection Commission recently launched are mostly major ones, including unauthorized small payments at KT, a Lotte Card customer data leak, and an SK shieldus dark web leak. It is also under investigation whether personal information was leaked in connection with the "BPFdoor (BPFDoor)" malware infection of KT's servers.
The number of leaks is skyrocketing. According to the Personal Information Protection Commission's tally, the scale of leaks increased from 648,000 in 2022 to 10,112,000 in 2023 and 13,770,000 last year. This year, from January to April alone, a total of 36,000,000 cases were leaked, including about 25,000,000 from the SK Telecom hacking incident.
With limited staff handling multiple cases in parallel, the GS Retail probe launched early this year and the YES24 case that began on June are still without conclusions.
Song Gyeong-hui, chair of the Personal Information Protection Commission, said at a recent press briefing, "The number of investigations has surged, making it difficult to allocate personnel," and added, "As we focus staff on large-scale cases, the handling of relatively minor cases can be delayed." She added, "The number of Researchers remained the same as in 2022, but the number of dispositions rose 56% and the scale of incidents increased by more than 500%."
The Personal Information Protection Commission adjusts the number of Researchers according to the severity of a case. In the case of the SK Telecom USIM information leak that occurred early this year, it concentrated investigative personnel considering the impact, and in August, four months after launching the probe, it imposed a penalty surcharge of 134,791,000,000 won on SK Telecom.
However, concentrating personnel on such large cases inevitably delays others. A Personal Information Protection Commission official said, "In the SKT case, we formed a task force by adding outside personnel such as the Korea Internet & Security Agency (KISA) to 4–5 Commission staffers, but it's difficult to deploy that way for every case," adding, "With hacking techniques becoming more sophisticated recently, it is not easy to conduct investigations and prevention in parallel."