South Korean crypto exchanges hit with $130K privacy fines

South Korea’s information regulator has issued substantial fines to a number of cryptocurrency exchanges on Wednesday, following investigations into alleged breaches of data protection.

The Korea Communications Commission, which is tasked with overseeing enforcement of data protection requirements, issued the fines in an amount topping 140 million won, roughly $130,000, alleging insufficient measures had been put in place at certain exchanges to protect the users’ data.

According to announcements made by the Commission, the move is the result of investigations into 10 domestic cryptocurrency exchanges and comes as part of a wider drive in South Korea to tighten regulations and their application at crypto exchanges and associated businesses.

Of the 10 exchanges that were earmarked for investigation, failures were found at eight, with individual fines ranging up to $14,000.

The full list of exchanges and wallet services hit by the fines is as follows: Youbit, Upbit, Coinpia, Eyalabs, Korbit, Coinone, Ripple4y, and Coinplug.

Amongst the most serious of breaches identified were customer records being retained over a year after they had ceased to use the service, in addition to others who were storing sensitive customer information overseas.

According to the chairman of the KCC, Lee Hyo-Sung, their findings suggest the cryptocurrency industry in South Korea needs to tighten its approach to privacy, under threat of strict sanctions.

“While the security threats such as virtual currency speculation and hacking of handling sites are increasing, the actual situation of personal information protection of major virtual currency exchanges is very weak. Therefore, we will try to reduce the damage of users through more strict sanctions,” Lee said.

The move comes at a time of increasing efforts in South Korea to regulate cryptocurrency businesses, including controversial measures that will prevent foreign investors and traders with anonymous accounts from transacting on cryptocurrency exchanges from the end of January.

The regulator has now pledged to draw up guidance for cryptocurrency businesses, including guidelines for managing data connected to wallets, private keys and transactional information. The exchanges that have been fined in this latest round of enforcement action are now required to comply within 30 days, and to submit a full report to the commission within that time frame, indicating the seriousness of the breaches.