
This photo shows a sign for the Personal Information Protection Commission (PIPC) at its office in Seoul. Courtesy of the PIPC
The data protection regulator said Thursday it will hold a plenary meeting next week to decide penalties against SK Telecom over a major data breach that affected tens of millions of customers.
The Personal Information Protection Commission (PIPC) said it will convene the closed-door session next Wednesday to review proposed penalties against the country's largest telecom operator by user numbers.
The results, however, may not be finalized if the commission's members require further discussions.
In April, SK Telecom belatedly reported the breach, in which universal subscriber identity module (USIM) data was potentially leaked during a cyberattack on its servers, prompting the company to offer free USIM replacements to around 25 million users.
The regulator earlier wrapped up an investigation into the data breach and notified SK Telecom of its planned measures late last month.
Under the personal information protection law, companies can be fined up to 3 percent of their total sales, although sales from areas unrelated to the violation can be excluded from the calculation.
Considering SK Telecom's sales of 12.77 trillion won ($9.13 billion) last year from its mobile communications division, the company could face a record fine of more than 300 billion won.
The PIPC fined Google and Meta a combined 100 billion won in 2022 for collecting personal information without users' consent, which marked the highest penalty ever by the regulator.