OpenAI, the operator of the generative chatbot ChatGPT, has been fined 3.6 million won ( ₹2.32 lakh) by South Korea’s Personal Information Protection Commission (PIPC) for exposing personal information of 687 South Korean citizens on 27 July.
The exposure occurred due to a bug in an open-source library on ChatGPT, which caused the inadvertent visibility of payment information, including names, email addresses, the last four digits of credit card numbers, and credit card expiration dates of ChatGPT Plus subscribers. The incident took place during a nine-hour window in March, reported The Korea Times. OpenAI confirmed that 687 users in South Korea were among those affected by the exposure.
Also read: Open AI CEO Sam Altman’s Worldcoin rallies on first day; around $145 million worth of token traded
The PIPC stated that OpenAI breached its duty by not promptly reporting the leakage to authorities within 24 hours of its discovery. However, the privacy watchdog concluded that the company cannot be solely held responsible for lax personal information protection measures.
The PIPC has recommended OpenAI to take preventive measures to avoid similar incidents in the future, comply with Korea’s personal information protection law, and actively cooperate with the commission’s inspection activities.
Also read: Facebook parent Meta predicts strong quarterly revenue fuelled by digital ad growth, shares rally
In addition, the PIPC has imposed an additional fine of 7.4 billion won ( ₹47 crore) on Facebook’s Meta Platform for collecting personal information without user consent and using it for personalised online advertising. The commission had previously fined Meta 30.8 billion won in September of the previous year for failing to inform users clearly and obtain their prior consent when collecting and analysing data to provide personalised advertisements, reported The Korea Times.
The latest fine was imposed for personal information breaches committed before July 2018, PIPC stated. Moreover, the PIPC found that Meta had secretly collected Facebook users’ personal information through “Facebook Login”, a program that allows developers to have users log into their applications or websites using their Facebook accounts. Although the PIPC considered filing a criminal complaint against Meta, it decided to provide the company with a grace period to address the issue on its own.