A customer contact and address leak incident has occurred at Papa John's Korea. Currently, Papa John's Korea has posted an apology and has completed immediate measures and remedial work. In response, the Personal Information Protection Commission announced that it has launched an investigation into the personal data leak at Papa John's Korea.
On the 26th, Papa John's Korea stated in a statement, "A security vulnerability has been identified that could potentially expose some customer information to the outside," adding, "We feel a heavy sense of responsibility for the anxiety caused to our customers. We have taken immediate action, and all remedial work has now been completed."
According to Papa John's Korea, the exposed information includes customer names, contact details, and addresses. As for card information, it has been confirmed that part of the 16-digit card number has been masked. It is also reported that the card expiration date and CVC number required for payment were not exposed.
Papa John's Korea stated, "We will establish a more thorough personal information management manual and conduct a comprehensive review of our security systems to ensure that similar incidents do not recur, implementing stringent safety checks." They added, "We will actively cooperate with the ongoing investigation to ascertain the specifics of any damage and will quickly inform customers if any confirmed harm is found, followed by appropriate protective measures."
In this regard, the Personal Information Protection Commission plans to verify the specific circumstances of the leak, the extent of the damage, and the compliance with technical and managerial safety measures. They will particularly focus on verifying compliance regarding the retention and use periods for order information that exceeded the limits outlined in the personal information processing policy, with plans to impose penalties if any legal violations are discovered.
The Personal Information Protection Commission noted, "Incidents of personal information being leaked or exposed due to recent vulnerabilities in website design are on the rise," and emphasized, "Each business needs to be particularly careful about website operations, including restricting access to the administrator page and managing URLs."