This article was published on March 11, 2025, at 11:08 a.m. on the ChosunBiz RM Report site.
Recruit, a human resource (HR) tech corporation, is said to be involved in an administrative lawsuit against the Personal Information Protection Commission. This lawsuit claims that the penalty surcharge of 70.6 million won imposed by the commission due to a data breach resulting from a hacking attack is excessive. Recruit has also recently experienced another incident of data leakage and is undergoing an investigation by the commission.
On the 7th, the administrative division 4 of the Seoul Administrative Court (presided over by Director General Kim Jeong-jung) held the fifth hearing for the lawsuit filed by Recruit to overturn the penalty surcharge imposed by the Personal Information Protection Commission. The court concluded the hearing procedures that day and scheduled the verdict for the 28th.
Previously, Recruit experienced a data leak of 30,576 member personal information cases due to a hacker attack in September 2020. At that time, the commission determined that Recruit had not implemented necessary intrusion detection or blocking policies to prevent the hacking attack. It also judged that the company had neglected access control measures, such as allowing the unblocking of dormant accounts solely with an ID and password without additional authentication. Consequently, in July 2023, the commission imposed a penalty surcharge of 70.6 million won and fines of 3.6 million won on Recruit.
Subsequently, in October 2023, Recruit filed a lawsuit at the Seoul Administrative Court regarding this case. A Recruit official noted, "Imposing a penalty surcharge based on the 2023 standards for the hacking attack that occurred in 2020 is excessive." He added, "At the time of the hacking attack in 2020, Recruit had taken all necessary personal information protection measures," and emphasized that the purpose of the lawsuit is not to contest the penalty surcharge itself.
Meanwhile, Recruit has recently faced another incident of data leakage and is now under investigation by the commission. In an email sent to members on the 9th, Recruit stated, "There are circumstances suggesting that some customer information has been leaked due to an external attack." The exact extent of the damage or the method has not yet been revealed.
In response, the government announced on the 10th that the Personal Information Protection Commission plans to begin a full investigation following the verification of the facts. It is reported that the commission will examine the scale and circumstances of the data breach, as well as Recruit's compliance with personal information protection laws.