South Korean job portal Incruit suffered a massive data breach after a hacking attack exposed 438 GB of personal data, affecting all 7.3 million users. The compromised information included names, contact details, education, work history, military service, disability status, 54,475 resumes, and certificates. The Personal Information Protection Commission (PIPC) imposed a 463 million won ($322,000) fine and mandated the appointment of a new chief privacy officer with expertise in data protection. Additionally, the company was ordered to implement support measures for affected users. The breach resulted in a large-scale leak of customer personal information, raising significant regulatory and reputational risks. The incident highlights vulnerabilities in handling sensitive employment-related data, with potential long-term consequences for user trust and compliance obligations.
TPRM report: https://www.rankiteo.com/company/incruitcorp
"id": "inc4362543102325",
"linkid": "incruitcorp",
"type": "Breach",
"date": "10/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '7.3 million users',
'industry': 'Job Portal / Human Resources',
'location': 'South Korea',
'name': 'Incruit',
'type': 'Private Company'}],
'data_breach': {'data_exfiltration': 'Yes (438 GB of data exfiltrated)',
'file_types_exposed': ['Databases (PII)',
'Documents (resumes, certificates)'],
'number_of_records_exposed': '7.3 million user records (438 '
'GB of data, including 54,475 '
'resumes/certificates)',
'personally_identifiable_information': 'Yes (names, contact '
'info, education, work '
'history, '
'military/disability '
'status)',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Employment records',
'Education records',
'Military service records',
'Disability status',
'Resumes',
'Certificates']},
'date_publicly_disclosed': '2025-10-23',
'description': 'South Korean job portal Incruit suffered a massive data '
'breach exposing the personal data of all 7.3 million users. '
'The breach involved 438 GB of data, including names, contact '
'information, education, work history, military service, '
'disability status, 54,475 resumes, and certificates. The '
"company was fined 463 million won ($322,000) by South Korea's "
'Personal Information Protection Commission (PIPC) and ordered '
'to appoint a new chief privacy officer and implement support '
'measures for affected users.',
'impact': {'brand_reputation_impact': 'High (regulatory fine and mandatory '
'corrective actions)',
'data_compromised': ['Names',
'Contact information',
'Education history',
'Work history',
'Military service records',
'Disability status',
'54,475 resumes',
'Certificates'],
'financial_loss': {'fine': '463 million KRW ($322,000 USD)'},
'identity_theft_risk': 'High (sensitive personal data exposed)',
'legal_liabilities': 'Regulatory fine and mandatory appointment of '
'chief privacy officer'},
'investigation_status': 'Completed (regulatory ruling issued)',
'post_incident_analysis': {'corrective_actions': ['Appointment of chief '
'privacy officer',
'Support measures for '
'affected users']},
'references': [{'date_accessed': '2025-10-23', 'source': 'MLex'}],
'regulatory_compliance': {'fines_imposed': '463 million KRW ($322,000 USD)',
'legal_actions': ['Mandatory appointment of chief '
'privacy officer',
'Implementation of support '
'measures for affected users'],
'regulations_violated': ["South Korea's Personal "
'Information Protection '
'Act (PIPA)'],
'regulatory_notifications': 'Public disclosure by '
'Personal Information '
'Protection Commission '
'(PIPC)'},
'response': {'remediation_measures': ['Appointment of a new chief privacy '
'officer with relevant expertise',
'Implementation of support measures for '
'affected users']},
'title': 'Incruit Data Breach Exposes Personal Data of 7.3 Million Users',
'type': 'Data Breach'}