Golfzon Data Breach Sparks Collective Legal Action in South Korea
Victims of the Golfzon data breach have initiated a collective damages lawsuit against the company, marking a growing trend of legal action following a string of high-profile breaches in South Korea. The lawsuit, filed by law firm CK on behalf of 23 plaintiffs, seeks 200,000 won (≈$150) per person in compensation, with plans to expand participation through a Naver-based class-action café.
The breach, traced to a November 2023 ransomware attack, exposed the personal data of 2.21 million individuals, including names, phone numbers, emails, dates of birth, and IDs. More sensitive information such as resident registration numbers (5,831 people) and bank account details (1,647 people) was also compromised, heightening risks of identity theft and voice phishing.
CK’s complaint alleges negligence on Golfzon’s part, citing violations of the Personal Information Protection Act, including unencrypted storage of data and failure to delete expired records for at least 380,000 users. The firm emphasized the emotional and financial harm suffered by victims, noting that the leaked data remains vulnerable to secondary exploitation.
In response to the breach, South Korea’s Personal Information Protection Commission imposed a 7.5 billion won (≈$5.6 million) penalty surcharge and a 5.4 million won fine on Golfzon. While the lawsuit aims to secure compensation, CK’s lead attorney, Choi Jin-nyeong, indicated openness to mediation if Golfzon proactively addresses victim relief.
The case follows recent breaches at Tving (OTT streaming) and Duo (matchmaking service), signaling a surge in consumer-driven legal challenges against companies failing to safeguard user data.
Source: https://en.sedaily.com/society/2026/06/29/golfzon-data-breach-victims-launch-class-action-lawsuit
Golfzon TPRM report: https://www.rankiteo.com/company/golfzon
"id": "gol1782714898",
"linkid": "golfzon",
"type": "Ransomware",
"date": "6/2026",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '2.21 million individuals',
'industry': 'Golf technology/services',
'location': 'South Korea',
'name': 'Golfzon',
'type': 'Company'}],
'attack_vector': 'Ransomware',
'data_breach': {'data_encryption': 'Unencrypted storage of data',
'number_of_records_exposed': '2.21 million',
'personally_identifiable_information': ['Names',
'Phone numbers',
'Emails',
'Dates of birth',
'IDs',
'Resident '
'registration numbers',
'Bank account '
'details'],
'sensitivity_of_data': 'High (resident registration numbers '
'and bank account details)',
'type_of_data_compromised': ['Personal data',
'Resident registration numbers',
'Bank account details']},
'date_detected': '2023-11',
'description': 'Victims of the Golfzon data breach have initiated a '
'collective damages lawsuit against the company, marking a '
'growing trend of legal action following a string of '
'high-profile breaches in South Korea. The breach, traced to a '
'November 2023 ransomware attack, exposed the personal data of '
'2.21 million individuals, including sensitive information '
'such as resident registration numbers and bank account '
'details, heightening risks of identity theft and voice '
'phishing.',
'impact': {'brand_reputation_impact': 'Emotional and financial harm to '
'victims; secondary exploitation risks',
'data_compromised': 'Personal data of 2.21 million individuals, '
'including names, phone numbers, emails, dates '
'of birth, IDs, resident registration numbers '
'(5,831 people), and bank account details '
'(1,647 people)',
'financial_loss': '7.5 billion won (≈$5.6 million) penalty '
'surcharge + 5.4 million won fine',
'identity_theft_risk': 'High (resident registration numbers and '
'bank account details exposed)',
'legal_liabilities': 'Violations of the Personal Information '
'Protection Act; collective damages lawsuit '
'seeking 200,000 won (≈$150) per person',
'payment_information_risk': 'High (bank account details exposed)'},
'post_incident_analysis': {'root_causes': ['Unencrypted storage of data',
'Failure to delete expired records '
'for at least 380,000 users']},
'references': [{'source': 'CK Law Firm'}],
'regulatory_compliance': {'fines_imposed': '7.5 billion won (≈$5.6 million) '
'penalty surcharge + 5.4 million '
'won fine',
'legal_actions': 'Collective damages lawsuit filed '
'by 23 plaintiffs (potential '
'expansion via Naver-based '
'class-action café)',
'regulations_violated': ['Personal Information '
'Protection Act']},
'title': 'Golfzon Data Breach Sparks Collective Legal Action in South Korea',
'type': 'Data Breach'}