It was revealed that personal information of 430,000 members was leaked from the marriage information company Duo Information (Duo).
On the 23rd, according to the Personal Information Protection Commission, in Jan. last year an employee's work PC handling personal information at Duo was hacked, and the personal information of 427,464 full members was leaked externally.
The leaked information was confirmed to include not only basic personal details such as IDs and passwords, names, dates of birth, resident registration numbers, contact information, and addresses, but also height, weight, blood type, religion, hobbies, marital history, family relationships, education, and workplace information.
The investigation found that Duo did not apply security measures such as limiting the number of authentication failures to block attempts to access its databases by hackers. It was also confirmed to have violated its obligation to ensure safety by using insecure encryption methods for resident registration numbers and passwords.
In addition, during the full membership sign-up process, it collected and stored resident registration numbers without a legal basis, and it was also confirmed that 298,566 records of member information that had exceeded the retention period (five years) were not destroyed. It was further revealed that, even after recognizing the personal information leak, it failed to meet the obligation to report within 72 hours without justifiable reason.
The Personal Information Protection Commission imposed a penalty surcharge of 1.197 billion won and fines of 13.2 million won on Duo and ordered it to immediately notify members whose personal information was leaked. It also demanded overall improvements to the personal information management system, including strengthening security measures to prevent recurrence, adhering to the principle of minimum collection, and establishing clear destruction standards. In addition, it ordered the company to publicly disclose the disposition on its website.