DistantNews
Matchmaking giant Duo fined $1 million over massive personal data leak

From Dong-A Ilbo · (9m ago) · Korean · Critical tone

Translated from Korean, summarized and contextualized by DistantNews.

TLDR

  • South Korea's Personal Information Protection Commission fined matchmaking company Duo 1.197 billion won for a personal data breach.
  • Hackers infected an employee's PC with malware, stole database credentials, and accessed member data, including sensitive personal information.
  • The company also faces criticism for failing to destroy outdated user data and delaying notification of the breach.

This breach at Duo, a leading matchmaking service in South Korea, is particularly alarming because of the sensitive nature of the leaked information. Unlike typical data leaks, this incident exposed highly personal details such as height, weight, religion, hobbies, marital history, and even educational and employment backgrounds. This goes far beyond basic contact information and raises significant concerns about potential misuse for criminal activities; the exposure effectively amounts to a severe invasion of personal privacy.

The company's negligence is further highlighted by its failure to adhere to its own privacy policy, specifically the requirement to destroy data older than five years. A staggering 298,566 cases of un-deleted information were found, exacerbating the scale of the violation. Moreover, Duo delayed reporting the incident for approximately 72 hours without valid reason and has yet to formally notify all affected individuals.

We acknowledge that there were shortcomings in our personal information processing and are deeply sorry.

— Duo representative

The representative admitted to the company's failures in handling personal data and expressed regret.

Duo's defense, citing the need to verify marriage outcomes for service periods and the time taken to investigate the hack, does little to assuage public concern. While the company claims no secondary damage has been reported, the potential for exploitation of such intimate data remains a grave worry. The company has stated it is working on classifying affected customers for individual notification and compensation, aiming for completion within the first half of the year. However, the lingering unease among members about the security of their most private details is palpable.

There have been no reports of secondary damage so far.

— Duo representative

The representative stated that no further harm has been reported by customers affected by the data breach.

DistantNews Editorial

Originally published by Dong-A Ilbo in Korean. Translated, summarized, and contextualized by our editorial team with added local perspective.