Seoul Dongbu District Public Prosecutors’ Office said on June 19 that it has indicted three companies and their respective officials on charges of failure to prevent hacking attacks and leakage of private data.

Two of three companies are startups, according to the prosecution.

Facing court rulings are South Korea’s cryptocurrency exchange Bithumb operator BTC Korea, accommodation app Yeogi Eottae operator With Innovation and travel agency HanaTour. The companies’ respective high-ranking officials, responsible for personal data protection, were indicted without physical detention.

In 2017, personal information of some 31,000 Bithumb customers were hacked, leading to a loss of a combined 7 billion won ($5.9 million) worth of digital currency. The data was stored in a personal computer of a Bithumb employee.

The same year, an attack involving SQL injection gave hackers access to some 3.2 million records of reservations by some 70,000 Yeogi Eottae customers, leaving some users exposed to blackmail threats. Also, HanaTour’s 460,000 customers and 30,000 staff and executives suffered personal information leak.

“All the companies failed to take pre-emptive measures to detect vulnerabilities to a cyberattack and prevent hacking,” the prosecution said.

“In particular, Bithumb and With Innovation have seen a steep increase in revenue over the past three years. Given the size of the company, their investments in cybersecurity for private data protection has been insufficient.”

Under the Korean laws, a provider of information and communications services is obliged to come up with measures to protect personal information.

By Son Ji-hyoung (consnow@heraldcorp.com)