[DigitalToday reporter Jin-ho Lee] The Personal Information Protection Commission imposed a fine of more than 200 million won on the Ministry of the Interior and Safety after a personal data leak on the Government24 service.

The commission said on May 28 it decided at a plenary meeting on May 27 on measures against public institutions and contractors that violated the Personal Information Protection Act.

The interior ministry was fined 273 million won and given an additional administrative fine of 7.5 million won. In April 2024, the Government24 integrated administrative services portal run by the ministry disclosed the personal information of 1,233 people to others due to a development error in source code related to Ministry of Education NEIS-linked civil service documents and National Tax Service tax payment certificates.

In May last year, 4 cases of issuance status were viewed by others due to an authentication vulnerability in a resident registration card inquiry service provided on the Government24 website. It was also confirmed that a file of a public parking lot manager posted on a business bulletin board was exposed in Google searches.

The commission also said the interior ministry tested only individual issuance and omitted testing for corporate issuance when developing source code to reflect changes to the tax payment certificate form while operating Government24. It also did not address a vulnerability in a module used for the resident registration card issuance-status inquiry service. It was also confirmed that it reported the personal data leak belatedly.

The commission decided to impose fines and administrative fines, issue a corrective recommendation to strengthen prior review related to program development and order the publication of the disposition results.

It also took measures over violations of the Personal Information Protection Act against the Rural Development Administration, the National Institute of Agricultural Sciences, the National Institute of Animal Science and Misotech. It imposed a total of 273.6 million won in fines and 4.5 million won in administrative fines.

The commission said it will continue to check vulnerable factors that may arise during public-sector informatization projects and strengthen on-site management and oversight.