HotelsCombined fined around $80,000 for data breach involving more than 1,200 customers

Chair of the Personal Information Protection Commission (PIPC) Ko Hak-soo participates in a meeting at Government Complex Seoul in Jongno District, Seoul, June 27. Yonhap
The Personal Information Protection Commission (PIPC) fined HotelsCombined, a Sydney-based hotel search engine, 110 million won ($79,167) on Thursday for breaching the personal data of more than 1,200 Korean customers.
In 2019, the personal information of 1,246 Korean users was leaked, including their names, email addresses, hotel reservation history and credit card information, after hackers broke into HotelsCombined's system.
Hackers took advantage of the platform's design faults, which erroneously allowed those who had access to hotel reservation information to view credit card information.
HotelsCombined also belatedly reported the breach to authorities, in violation of the then effective requirements mandating that any personal data breach be reported to the commission and affected users within 24 hours of discovery.
The PIPC approved the fine for the platform during a plenary session Thursday.
A commission official said that the data breach also affected HotelsCombined's users in many other countries, including the United Kingdom and Australia, but Korea may be the only country that has imposed a penalty for it. (Yonhap)