Home > Business > Tech

Despite a sixfold surge in breached data, protection remains insufficient

Published: 24 Sep. 2025, 15:32

KT CEO Kim Young-shub answers questions from the Science, ICT, Broadcasting and Communications Committee during a hearing on small-payment fraud cases linked to a data breach at the company at the National Assembly in Yeouido, western Seoul, on Sept. 24. [YONHAP]

The number of personal data leaks from government institutions in Korea has surged nearly sixfold over the past two years, with 3.91 million leaked details reported in 2024 alone, according to data from the Personal Information Protection Commission.

Democratic Party Rep. Lee Jung-mun said Tuesday that information submitted by the commission showed a steep rise in data breaches involving public institutions, including constitutional and central administrative agencies. A total of 650,000 details were leaked in 2022, spiking to 3.52 million in 2023 and reaching 3.91 million in 2024. Reports of such breaches rose from 23 in 2022 to 104 in 2023. As of July this year, 72 reports had already been filed, involving 910,000 leaked records.

A revision to the Personal Information Protection Act in September 2023 mandates the reporting of any leak involving unique identifiers — such as resident registration numbers — or leaks caused by hacking, even if only a single detail is stolen. The sharp increase in reports is believed to stem from the new requirement.

The most significant single breach in the past five years occurred at the Gyeonggi Provincial Office of Education in July 2023, where 2.97 million personal records were compromised. Other major cases include 1.35 million records leaked from the Korea National Council on Social Welfare, 700,000 from Kyungpook National University, 680,000 from Seoul National University Hospital, and 320,000 from Jeonbuk National University.

Korea’s public institutions currently manage a staggering 75.7 billion pieces of personal data. Central government agencies handle 30.3 billion, basic local governments manage 4.4 billion, metropolitan governments 1.2 billion and educational authorities 2.9 billion. However, the personnel and budget for data protection remain critically insufficient.

More than 10 percent of public institutions — 83 in total — had privacy protection budgets under 10 million won ($7,200) as of 2024, according to preliminary data from the commission’s privacy protection assessment.

“It is extremely serious that even public institutions holding billions of sensitive personal records lack the personnel and budget for proper data protection,” Rep. Lee said. “Protecting personal information is not optional — it's essential. We urgently need institutional reforms to mandate dedicated teams and guaranteed funding for this work.”

This article was originally written in Korean and translated by a bilingual reporter with the help of generative AI tools. It was then edited by a native English-speaking editor. All AI-assisted translations are reviewed and refined by our newsroom.
BY JEONG JAE-HONG [[email protected]]