At a January 24 general meeting of the Korea Communications Commission (KCC), it was announced that the agency had levied fines amounting to over $130,000 (at press time) against eight cryptocurrency exchanges, according to a press release on the KCC's website.
Following investigations that concluded on December 28, 2017, the entities, which include Coinone, Korbit, and Upbit's parent company Tu Namu, were found to have failed to protect user data and privacy in ways that violated several clauses of the Act On the Protection of Personal Information.
Among the shortcomings listed in the document are the failure to delete or silo some information related to users who had not been active on the platforms for over a year, the storage of personal information with third-party vendors, and the storage of personal information offshore.
The KCC is giving the violators 30 days to become compliant, and it pledged to officially offer guidance on "internal management plans, including safe management plans, related to the management of virtual currency electronic wallets and cryptographic keys and the transmission of virtual currency transactions."
On the subject of this most recent action against cryptocurrency exchanges, KCC chairman Lee Hyo-Seong said,
"While the security threats such as virtual currency speculation and hacking of handling sites are increasing, the actual situation of personal information protection of major virtual currency exchanges is very weak. Therefore, we will try to reduce the damage of users through more strict sanctions if the Korea Communications Commission ... identifies personal information in the future or identifies a provider of virtual currency that violates the [Act]."
In December 2017, the KCC fined digital asset exchange Bithumb – which was not named in the latest press release – a sum equivalent to more than $50,000 for failing to "comply with protective steps, making [the exchange] vulnerable to hacks and causing leaks of personal data and financial damage."