OpenAI’s ChatGPT, an AI-powered chatbot, recently encountered a privacy breach in South Korea, resulting in the exposure of payment data belonging to its subscribers. The incident occurred due to a bug in an open-source library within ChatGPT, which inadvertently rendered payment information visible. The compromised data included names, email addresses, the last four digits of credit card numbers, and credit card expiration dates of ChatGPT Plus subscribers. The breach lasted for a nine-hour period in March and affected a total of 687 users in South Korea.
The breach was brought to light by The Korea Times, and OpenAI promptly confirmed the incident. However, the company failed to report the leakage to authorities within the 24-hour timeframe required by law, according to the Personal Information Protection Commission (PIPC). While the PIPC acknowledged that OpenAI could not be solely held responsible for the lapse in personal information protection measures, it emphasized the importance of promptly reporting such incidents.
As a consequence, the PIPC has recommended that OpenAI take preventive measures to avoid similar breaches in the future. The commission also urged the company to comply with Korea’s personal information protection law and actively cooperate with inspections conducted by the PIPC.
In addition to OpenAI’s violation, the PIPC imposed an additional fine of 7.4 billion won (₹47 crore) on Meta Platforms, the parent company of Facebook. The fine was imposed due to Meta’s collection of personal information without user consent and its subsequent use for personalized online advertising. This is not the first time Meta has faced fines for such practices. The PIPC had previously fined Meta 30.8 billion won in September of the previous year for failing to inform users clearly and obtain their prior consent while gathering and analyzing data for personalized advertisements.
The most recent fine imposed on Meta was for personal information breaches that occurred prior to July 2018, as stated by the PIPC. The commission revealed that Meta had secretly collected the personal information of Facebook users using Facebook Login, a program that enables developers to allow users to log into their applications or websites using their Facebook accounts. While the PIPC considered filing a criminal complaint against Meta, it decided to provide the company with a grace period to address the issue independently.
In light of these incidents, both OpenAI and Meta are expected to enhance their privacy protection measures and ensure compliance with relevant laws. The fines imposed by the PIPC serve as a reminder for companies to prioritize user consent and safeguard personal information.
Frequently Asked Questions (FAQs) Related to the Above News
What is the recent privacy breach involving OpenAI's ChatGPT in South Korea?
The recent privacy breach involved a bug in an open-source library within ChatGPT, which resulted in the exposure of payment data belonging to its subscribers in South Korea.
What kind of data was compromised in the ChatGPT breach?
The compromised data included names, email addresses, the last four digits of credit card numbers, and credit card expiration dates of ChatGPT Plus subscribers.
How long did the breach last?
The breach lasted for a nine-hour period in March.
How many users in South Korea were affected by the breach?
A total of 687 users in South Korea were affected by the breach.
How did the breach come to light?
The breach was brought to light by The Korea Times.
Did OpenAI promptly acknowledge the incident?
Yes, OpenAI promptly confirmed the incident after it was reported.
Did OpenAI report the breach to authorities within the required timeframe?
No, OpenAI failed to report the leakage to authorities within the 24-hour timeframe required by law.
What was the consequence of OpenAI's failure to report the breach on time?
The Personal Information Protection Commission (PIPC) recommended that OpenAI take preventive measures to avoid future breaches and comply with Korea's personal information protection law. OpenAI was also urged to actively cooperate with inspections conducted by the PIPC.
Was Meta Platforms, the parent company of Facebook, also fined by the PIPC?
Yes, Meta Platforms was fined by the PIPC for collecting personal information without user consent and using it for personalized online advertising.
Has Meta faced fines for similar practices before?
Yes, Meta had previously faced fines from the PIPC for failing to inform users clearly and obtain their prior consent while gathering and analyzing data for personalized advertisements.
What was the reason for the recent fine imposed on Meta?
The recent fine was imposed on Meta for personal information breaches that occurred prior to July 2018, involving the secret collection of personal information of Facebook users using Facebook Login.
Did the PIPC consider further legal action against Meta?
While the PIPC considered filing a criminal complaint against Meta, it decided to provide the company with a grace period to address the issue independently.
What lessons can be learned from these incidents?
These incidents serve as a reminder for companies to prioritize user consent and ensure the safeguarding of personal information. It is crucial for organizations to enhance their privacy protection measures and comply with relevant laws.