A data breach at South Korean streaming platform Tving has affected 19.53 million users, according to government findings released on June 22, making the incident one of the largest personal-information leaks in the country’s history and raising fresh concerns about identity theft and corporate cybersecurity practices.
The revised figure is more than 6.5 million users higher than the preliminary estimate of 13 million previously disclosed by authorities.
Government data obtained from the Personal Information Protection Commission and the Ministry of Science and ICT show the breach ranks as the fourth-largest data leak ever recorded in South Korea, trailing only incidents involving Coupang, Cyworld-Nate and SK Telecom.
Compromised information reportedly includes user IDs, names, dates of birth, passwords, refund bank-account details and authentication identifiers known as Connecting Information (CI) and Duplication Information (DI).
Privacy experts have expressed particular concern about the exposure of CI and DI data because the identifiers are difficult to replace and could increase the risk of identity theft and other forms of secondary fraud.
Authorities are investigating why the number of affected accounts far exceeds Tving’s current user base, including approximately 5 million paid subscribers and 8.82 million monthly active users as of May. Officials are examining whether former subscribers, dormant accounts or users linked through affiliated services were also included in the compromised dataset.
Regulators are also reviewing the company’s response to the incident.
According to lawmaker Lee Jeong-heon, Tving detected unusual activity on May 30 but did not confirm the external transfer of a large volume of files until June 2. Government investigators have yet to determine whether the company’s response met regulatory requirements
Tving apologized to customers and said a joint public-private investigation team is continuing to examine the cause of the breach, the scope of leaked information and its potential impact.
The company said it has implemented customer-protection measures and will provide necessary support and compensation while conducting a comprehensive review of its cybersecurity systems to prevent similar incidents in the future.
