**South Korea to Impose Punitive Fines on Companies with Repeated Data Breaches**
South Korea’s Ministry of Science and ICT has announced plans to introduce stricter penalties for businesses that experience repeated data breaches, following a series of high-profile incidents in 2025. During a policy briefing with President Lee Jae Myung in Sejong on December 12, Science Minister Bae Kyung-hoon outlined measures to enhance cybersecurity accountability, including fines of up to 3% of a company’s annual sales for repeat offenders.
The proposal follows breaches at major firms like SK Telecom, KT Corp., and Coupang, which exposed the personal data of millions of South Koreans. Under the new regulations, fines for delayed breach reporting will increase to ₩50 million (US$339,000), up from ₩30 million. The government will also codify CEO accountability and empower chief security officers to enforce compliance. Additionally, companies’ security capabilities will be publicly assessed to incentivize stronger protections.
Beyond cybersecurity, the ministry unveiled ambitious AI and technology initiatives, including the development of one of the world’s top 10 AI models by 2026, which will be open-sourced for defense, manufacturing, and cultural applications. The K-Moonshot project aims to close the technology gap with the U.S., targeting 85% of its advanced level by 2030—up from 81.5% in 2022. Key focus areas include humanoid robots, next-generation chips, and clean energy, backed by a ₩5.9 trillion (US$4 billion) investment in strategic sectors like bio, quantum, and nuclear fusion.
South Korea also plans to become an AI hub in the Asia-Pacific region, attracting talent and startups while expanding AI integration in manufacturing, logistics, and shipbuilding. International collaborations will include AI research with the U.S. and robotics partnerships with China. The government will allocate 10% of its R&D budget to basic science and aims to develop a private-sector-led small modular reactor by 2030, supported by a ₩1.2 trillion budget.
Source: https://en.yna.co.kr/view/AEN20251212003153320
SK Telecom cybersecurity rating report: https://www.rankiteo.com/company/sk-telecom
"id": "SK-1765527019",
"linkid": "sk-telecom",
"type": "Breach",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Majority of South Koreans',
'industry': 'Telecommunications',
'location': 'South Korea',
'name': 'SK Telecom Co.',
'type': 'Telecommunications'},
{'customers_affected': 'Majority of South Koreans',
'industry': 'Telecommunications',
'location': 'South Korea',
'name': 'KT Corp.',
'type': 'Telecommunications'},
{'customers_affected': 'Majority of South Koreans',
'industry': 'Retail/E-commerce',
'location': 'South Korea',
'name': 'Coupang Inc.',
'type': 'E-commerce'}],
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personal information'},
'date_publicly_disclosed': '2025-12-11',
'description': 'The South Korean government announced plans to introduce '
'punitive fines on businesses with repeated data breaches, '
'following multiple high-profile incidents affecting major '
'companies like SK Telecom Co., KT Corp., and Coupang Inc. The '
'fines could reach up to 3% of annual sales, and delayed '
'reporting penalties will increase to 50 million won '
'(US$339,000). The government will also assess and publicly '
"disclose companies' security capabilities to encourage market "
'avoidance of businesses with poor security controls.',
'impact': {'brand_reputation_impact': 'Potential negative impact due to '
'public disclosure of security '
'capabilities',
'data_compromised': 'Personal information',
'identity_theft_risk': 'High',
'legal_liabilities': 'Fines up to 3% of annual sales for repeated '
'breaches; 50 million won (US$339,000) for '
'delayed reporting'},
'lessons_learned': 'Need for stricter accountability for CEOs and chief '
'security officers, and public disclosure of security '
'capabilities to incentivize better security practices.',
'post_incident_analysis': {'corrective_actions': 'Imposition of punitive '
'fines, codification of CEO '
'responsibility, and public '
'disclosure of security '
'capabilities.',
'root_causes': 'Repeated security breaches due to '
'inadequate security controls and '
'accountability measures.'},
'recommendations': 'Strengthen security controls, ensure timely breach '
'reporting, and adopt government-assessed security '
'standards to avoid market penalties.',
'references': [{'date_accessed': '2025-12-11',
'source': 'Yonhap News Agency'}],
'regulatory_compliance': {'fines_imposed': 'Up to 3% of annual sales for '
'repeated breaches; 50 million won '
'(US$339,000) for delayed '
'reporting',
'regulations_violated': 'Personal Information '
'Protection laws',
'regulatory_notifications': 'Mandatory reporting to '
'authorities'},
'response': {'communication_strategy': 'Public disclosure of security '
'capabilities assessment'},
'stakeholder_advisories': 'Government to publicly disclose security '
'capabilities of companies to encourage market '
'avoidance of businesses with poor security '
'controls.',
'title': 'Repeated Data Breaches in South Korean Companies',
'type': 'Data Breach'}