OpenAI, the operator of the generative chatbot ChatGPT, has been fined 3.6 million won ($2,829) by the Personal Information Protection Commission (PIPC) in Korea for a data breach. The breach resulted in the exposure of personal information belonging to 687 Korean users.
The PIPC’s investigation revealed that a bug in an open-source library on ChatGPT led to a caching issue in March. This bug inadvertently made payment information of ChatGPT Plus subscribers visible for a nine-hour period. The exposed information included first and last names, email addresses, the last four digits of credit card numbers, and credit card expiration dates. OpenAI has since patched the bug.
The PIPC imposed the fine on OpenAI for failing to promptly report the data leakage to authorities within the required 24-hour window. However, the privacy watchdog concluded that OpenAI cannot be solely held responsible for the breach due to lax personal information protection measures.
In addition to the fine, the PIPC has recommended that OpenAI take steps to prevent similar incidents from occurring in the future. This includes compliance with Korea’s personal information protection law and active cooperation with the commission’s inspection activities.
OpenAI has confirmed that 687 users in Korea were affected by the data exposure. While the company has faced repercussions for the breach, the PIPC’s decision recognizes that the responsibility for personal information protection is a shared one.
Moving forward, it is crucial for OpenAI and similar organizations to prioritize robust security measures and ensure prompt reporting of any potential breaches. The protection of personal information is of utmost importance, and companies must take the necessary precautions to safeguard user data.
Frequently Asked Questions (FAQs) Related to the Above News
What is the reason behind OpenAI being fined by the Personal Information Protection Commission (PIPC) in Korea?
OpenAI was fined by the PIPC in Korea for a data breach that occurred due to a bug in an open-source library on its generative chatbot, ChatGPT. This bug led to a caching issue, making payment information of ChatGPT Plus subscribers visible for a nine-hour period.
How many users were affected by the data exposure?
The data exposure affected 687 Korean users.
What kind of personal information was exposed in the data breach?
The exposed information included first and last names, email addresses, the last four digits of credit card numbers, and credit card expiration dates.
Has OpenAI fixed the bug that caused the data breach?
Yes, OpenAI has patched the bug that caused the data breach.
Why was OpenAI fined for the data breach?
OpenAI was fined for failing to promptly report the data leakage to authorities within the required 24-hour window.
Is OpenAI solely responsible for the data breach according to the PIPC?
The privacy watchdog, PIPC, concluded that OpenAI cannot be solely held responsible for the breach due to lax personal information protection measures.
Apart from the fine, what other recommendations were made by the PIPC?
The PIPC recommended that OpenAI comply with Korea's personal information protection law and actively cooperate with the commission's inspection activities as a measure to prevent similar incidents in the future.
What can OpenAI and similar organizations learn from this incident?
It is crucial for OpenAI and similar organizations to prioritize robust security measures and ensure prompt reporting of any potential breaches. Protecting personal information is of utmost importance, and companies must take necessary precautions to safeguard user data.
Please note that the FAQs provided on this page are based on the news article published. While we strive to provide accurate and up-to-date information, it is always recommended to consult relevant authorities or professionals before making any decisions or taking action based on the FAQs or the news article.
