South Korea‘s Personal Information Protection Commission (PIPC) issued a 3.6 million won ($2,829) fine to OpenAI, the operator of the generative chatbot ChatGPT, due to the exposure of personal information belonging to 687 citizens.
OpenAI explained that the data exposure occurred in March when a bug in an open-source library used by ChatGPT caused a caching problem. This issue unintentionally allowed access to payment information of ChatGPT Plus subscribers for a nine-hour period. The exposed data included first and last names, email addresses, the last four digits of credit card numbers, and credit card expiration dates, as reported by Yonhap.
Among those affected, 687 users in South Korea have been confirmed to have their information exposed.
The PIPC imposed the fine on OpenAI for failing to report the data leakage to authorities within 24 hours of its discovery. However, the privacy watchdog also concluded that OpenAI cannot be held fully responsible for inadequate personal information protection measures.
Furthermore, the commission recommended that OpenAI take necessary steps to prevent similar incidents in the future, adhere to South Korea’s personal information protection law, and actively cooperate with the commission’s inspection activities.
