South Korea’s Personal Information Protection Commission has penalized dating company Duo for failing to promptly notify members of a data breach that occurred over a year and three months ago. The commission found Duo possessed a significant amount of sensitive personal information, increasing the potential harm from the breach. Specifically, Duo delayed informing affected individuals about the unauthorized access to their data. The penalty imposed on Duo is a fine, representing the maximum allowable sanction for this type of violation. The commission emphasized the importance of timely breach notification to allow individuals to take steps to protect themselves from potential harm, such as identity theft. This case highlights growing scrutiny of data security practices within the personal information sector in South Korea. Further details regarding the scope of the breach and the specific data compromised are expected to be released.