South Korea fines Upbit operator $24M for lax identity verification
South Korea's tech and finance sectors have faced severe security lapses. KT Corp., the country's second-largest mobile carrier, concealed malware infections. Dunamu, operator of Upbit, failed to verify users' identities and accepted inadequate documents for verification. These failures led to significant fines.
KT Corp. discovered 43 server infections with BPFDoor malware between March and July 2024. Instead of reporting these breaches, the company kept them secret, potentially exposing customer data.
Dunamu, operator of the popular cryptocurrency exchange Upbit, also fell short in its social security processes. It failed to verify the identities of about 5.3 million users and did not report 15 suspicious transactions. Furthermore, Dunamu accepted photocopies or re-photographed images of user portraits instead of original documents for identity verification, allowing transactions by unverified users in 3.3 million cases.
The South Korean Financial Intelligence Unit imposed a significant fine of 35.2 billion won ($24.3 million) on Dunamu for violating customer identification obligations.
These security lapses highlight the need for stricter regulations and enforcement in South Korea's tech and finance sectors. KT Corp.'s concealment of malware infections and Dunamu's inadequate social security processes have raised concerns about customer data protection. The hefty fine imposed on Dunamu serves as a stern warning to other companies to adhere to security standards and customer identification obligations.
