Golfzon faces record $5.47 mil. fine after data breach leaks info of 2.21 mil. customers to dark web

Models pose at a Golfzon indoor range.  Courtesy of Golfzon

Models pose at a Golfzon indoor range. Courtesy of Golfzon

By Baek Byung-yeul

Golfzon was fined 7.5 billion won ($5.47 million), the largest fine ever imposed on a company here, for leaking the personal information of over 2.21 million customers by the Public Information Protection Commission (PIPC), Thursday.

The state-run agency responsible for data protection said it decided to impose such a fine in a plenary meeting on Wednesday.

Golfzon is the country's leading golf simulator provider.

The information leak occurred in November 2023 when hackers attacked the company with ransomware.

Ransomware is a type of malware that encrypts the victim's files and demands a ransom be paid for their decryption.

PIPC said the hackers then exposed the personal information of more than 2.21 million customers and employees, including names, phone numbers, email addresses and birthdays on the dark web, which refers to web pages that can't be found on traditional search engines.

The commission investigated Golfzon's compliance with the Personal Information Protection Act in response to the breach and found that the company was unaware that a large amount of personal information, including resident registration numbers, was being stored and shared on its file server.

"We set the fine at the average of the company's sales from 2020 to 2022, the three years before the incident," Kang Dae-hyun, head of investigation division 1 of the PIPC, said. "This case emphasizes the need for thorough privacy protection measures to be applied in internal business areas that handle customer information."

In response, Golfzon apologized to its customers and promised to prevent a recurrence.

"First of all, we apologize for any inconvenience this may have caused our customers. We established the information protection promotion plan this year to comply with the Personal Information Protection Act and strengthen information security," the company said in a statement.

"Accordingly, the company is actively promoting information protection investments of four times the previous year's amount starting this year and is strengthening its privacy protection system by hiring additional experts, including a chief privacy officer."

Top 10 Stories

LETTER

Sign up for eNewsletter