Charisma Jonah, April 23, 2026
South Korea’s data protection authority has imposed a fine on a major matchmaking company after a cyberattack exposed sensitive personal information of hundreds of thousands of users.
The country’s Personal Information Protection Commission said the company, Duo, failed to adequately secure its database and did not respond promptly after its systems were breached.
According to the commission, hackers gained unauthorised access in January 2025 and extracted personal data belonging to more than 420,000 current and former members. The compromised information included highly sensitive details such as weight, blood type, marital history, phone numbers, residential addresses, educational background and workplace information.
Regulators also found that the company violated data protection rules by improperly collecting and storing certain categories of personal information, including national identification numbers and passwords. In addition, the firm failed to delete records of nearly 300,000 users that had been retained beyond the legally permitted period.
As part of enforcement measures, the commission ordered the company to pay a fine of 1.21 billion won (approximately $815,400), implement corrective actions to strengthen data security, and fully disclose details of the breach.
The company acknowledged the findings and expressed regret over the incident, stating that the breach resulted from a sophisticated hacking attack that was difficult to detect or prevent.
The development comes amid a broader pattern of data breaches affecting companies and online platforms in South Korea, which has led to increased regulatory scrutiny and stricter enforcement of data protection standards following public concerns over privacy and information security.
