South Korea fines McDonald's for data leak from raw SMB share
British American Tobacco, Samsung, also burgered up their infosec
South Korea's Personal Information Protection Commission has fined McDonald's, British American Tobacco, and Samsung for privacy breaches.
McDonald's was slapped with a ₩696 million ($530,000) fine for storing backup files that contained data on users of its McDelivery service on a Server Message Block (SMB) volume that had sharing left enabled. Hackers waltzed in and accessed 4,876,106 users' info.
In a separate incident, another 766,846 burger-buyers whose data should have been destroyed after a retention period expired also saw their info leak, attracting a ₩10 million ($7,700) wrist slap.
The burgermeister's mess was revealed alongside news that British American Tobacco didn't take sufficient steps to mask customers' IP addresses. The company therefore coughed up info about 1,540 customers, and earned ₩40 million in fines.
Samsung Securities did a lousy job securing a web server, an error that saw data describing 48,122 users leak. The data was visible for a month, earning the chaebol a ₩100 million fine.
The commission also fined local outfits iMarket, JK Club, and Kara for leaking customer info.
Kara's fail was spectacular: it exposed admin creds to a search engine, and data inevitably leaked.
The Commission also fined four entities for bad CCTV security – among them a plastic surgery clinic that left the cameras running as its clients undressed in a changing room.
Another used the cameras it installed for security purposes to monitor employee attendance. ®