Seoul police investigate Duo data leak of 430,000 members, including weight and blood type
Translated from Korean, summarized and contextualized by DistantNews.
TLDR
- South Korean police are investigating a data breach at Duo Information, a matchmaking company, affecting approximately 430,000 members.
- Personal information, including sensitive details like weight and blood type, was leaked after an employee's work PC was infected with malware.
- Duo is also accused of failing to report the breach within the legal timeframe and not notifying affected members, leading to significant fines and orders for notification.
The Hankyoreh reports on a significant data privacy violation involving Duo Information, a prominent matchmaking company in South Korea. The Seoul Metropolitan Police Agency's cyber investigation unit is currently probing a breach that compromised the personal information of nearly 430,000 members. This incident, which came to light after Duo reported it to the Gangnam Police Station last February, has raised serious concerns about the handling of sensitive user data within the company.
Our investigation at The Hankyoreh reveals that the breach occurred in January of last year when an employee's work PC was infected with malware. This led to the leakage of a vast amount of personal data, including not only basic information like names, birthdates, and contact details but also highly private data such as weight, blood type, religion, and hobbies. Furthermore, Duo is under scrutiny for allegedly failing to adhere to legal reporting requirements, specifically not notifying the authorities within the mandated 72-hour period after confirming the leak. The company also reportedly failed to inform the data subjects themselves about the breach, especially concerning the leakage of sensitive personal information.
Compounding these issues, The Hankyoreh has uncovered that Duo allegedly collected and stored resident registration numbers without a proper legal basis and retained data from over 290,000 members beyond the stated retention period. In response, the Personal Information Protection Commission has imposed substantial penalties, including an administrative fine of 1.197 billion won and a separate fine of 13.2 million won. Duo has been ordered to immediately notify the affected members. This case highlights a critical lapse in data security and regulatory compliance by a company entrusted with highly personal information, underscoring the need for stricter oversight and accountability in the digital age.
Originally published by Hankyoreh in Korean. Translated, summarized, and contextualized by our editorial team with added local perspective.