South Korea fines McDonald's for data leak from raw SMB share

British American Tobacco, Samsung, also burgered up their infosec

South Korea's Personal Information Protection Commission has fined McDonald's, British American Tobacco, and Samsung for privacy breaches.

McDonald's was slapped with a ₩696 million ($530,000) fine for storing backup files that contained data on users of its McDelivery service on a Server Message Block (SMB) volume that was left with sharing enabled. Hackers waltzed in and accessed 4,876,106 users' info.

In a separate incident, another 766,846 burger-buyers whose data should have been destroyed after a retention period expired also saw their info leak, attracting a ₩10 million ($7,700) wrist slap.

The burgermeister's mess was revealed alongside news that British American Tobacco didn't take sufficient steps to mask customers' IP addresses. The company therefore coughed up info about 1,540 customers, and earned ₩40 million in fines.

Samsung Securities did a lousy job securing a web server, an error that saw data describing 48,122 users leak. The data was visible for a month, earning the chaebol a ₩100 million fine.

The commission also fined local outfits iMarket, JK Club, and Kara for leaking customer info.

Kara's fail was spectacular: it exposed admin creds to a search engine, and data inevitably leaked.

The Commission also fined four entities for bad CCTV security – among them a plastic surgery clinic that left the cameras running as its clients undressed in a changing room.

Another used the cameras it installed for security purposes to monitor employee attendance. ®
