South Korea’s Personal Information Protection Commission (PIPC) on Thursday imposed a fine of 3.6 million won ($2,829) on OpenAI, the operator of the generative chatbot ChatGPT, for exposing personal information of its 687 citizens.
According to OpenAI, a now-patched bug in an open-source library on ChatGPT created a caching issue in March. It caused an unintentional visibility of payment information of ChatGPT Plus subscribers during a nine-hour window, including first and last names, email addresses, the last four digits of credit card numbers and credit card expiration dates, Yonhap reported.
A total of 687 users in South Korea have been confirmed to be among those affected by the exposure.
The PIPC said it has fined OpenAI for breaching its duty to report a leakage to authorities within 24 hours of finding it. But the privacy watchdog concluded the company cannot be held responsible for lax personal information protection measures.
The watchdog has also recommended OpenAI take measures to prevent a recurrence of the incident, comply with South Korea’s personal information protection law and cooperate actively with the commission’s prior inspection activities, it said.
2023072746335