The Personal Information Protection Commission imposed a 98 million won penalty surcharge on the National Aviation Museum of Korea for leaking more than 10,000 members' personal information.
The Personal Information Protection Commission said on Jan. 11 that it held a plenary meeting on Jan. 10 and voted to impose a penalty surcharge on the National Aviation Museum of Korea for violating personal information protection laws and to disclose the disposition result.
According to the Personal Information Protection Commission's investigation, a hacker obtained the National Aviation Museum of Korea's administrator account by unknown means, accessed the administrator page, downloaded the personal information of 11,029 members, and sent smishing text messages containing a malicious app link to some members. The leaked member information includes name, ID, sex, date of birth, address, and contact information.
The National Aviation Museum of Korea was found to have shared three administrator accounts with about 20 employees and contractors. It also allowed external access to the administrator page without restricting the internet protocol (IP) address and permitted access using only an ID and password without certificates or other secure authentication methods. It did not review access logs of handlers.
Accordingly, the Personal Information Protection Commission plans to impose a 98 million won penalty surcharge on the National Aviation Museum of Korea and disclose the disposition result on the commission's website for one year.