The South Korean Communications Commission has conducted a survey of major cryptocurrency exchanges in the country and found them to have insufficient customer data protection. Eight exchanges have been sanctioned, with 30 days to resolve their issues and safeguard their systems.
All Major Exchanges Are in Violation
The South Korean Communications Commission (KCC) announced on Wednesday that it has sanctioned 8 cryptocurrency exchanges “a total of KRW141 million [~USD$132,540] in penalties for violating the Personal Information Protection Act.”
This announcement followed the agency’s on-site survey of 10 exchange operators, in collaboration with the Ministry of Science, Technology, and Information and the Korea Internet Development Agency (KISA). The KCC wrote:
Among the 10 surveyed companies, all eight companies, except the two companies which stopped providing related services during the survey period, were found to be in violation of the Information and Communication Network Act.
The 10 companies surveyed are Upbit, Ripple4y, Coinpia, Youbit, Korbit, Coinone, Coinplug, Eyalabs, Bizcoin, and Bizstore, according to Chosun. Bizcoin and Bizstore stopped their crypto-related services during the survey and were excluded from the list, the news outlet detailed. The country’s largest crypto exchange by volume, Bithumb, was previously investigated separately.
The KCC fined Upbit 20 million won (~$18,800), Ripple4y 15 million won, Coinpia 15 million won, Eyalabs 10 million won, Youbit 25 million won, Korbit 21 million won, Coinone 25 million won, and Coinplug 10 million won.
Upbit is one of South Korea’s largest cryptocurrency exchanges. It is backed by the operator of the country’s most popular chat app, Kakao Talk. Meanwhile, Youbit was already in the process of filing bankruptcy before the survey ended.
Bithumb was sanctioned by the KCC in December. The agency fined the exchange 60 million won (~$56,400) for leaking customer data.
KCC’s Rectification Measures
Lee Hyo-Sung, the KCC chairman, said that “We will try to reduce the damage of users through more strict sanctions” of any crypto exchanges that violate the Information and Communication Network Act. He elaborated:While the security threats such as virtual currency speculation and hacking of handling sites are increasing, the actual situation of personal information protection of major virtual currency exchanges is very weak.
The Commission has ordered all the exchanges to immediately stop all violations. They are to make corrections within 30 days and report the results to the KCC, the agency announced. The Commission also plans to provide guidelines and regular education for any exchange officers in charge of personal information protection.
To prevent unauthorized access to personal data, the KCC requires the exchanges to “install and operate an access control device such as an intrusion prevention system, [take] measures to prevent the tampering of the access record, [and take] encryption measures for secure storage and transmission of personal information,” the agency wrote.
The exchanges must also “establish and implement internal management plans,” including those “related to the management of virtual currency electronic wallets and cryptographic keys and the transmission of virtual currency transactions,” the KCC detailed.