The South Korean Personal Information Protection Commission (PIPC) fined McDonald's, British American Tobacco and Samsung for privacy violations.
McDonald's was fined $530,000 for publicly storing backup files containing information about McDelivery users. During the hack, hackers accessed data on 4,876,106 users.
McDonald's received a second $7700 fine for leaking the data of 766,846 customers. The data should have been destroyed after the retention period expired, but was still on the server and was stolen by cybercriminals in another incident.
In addition, South Korea also issued a $48.8 million fine to British American Tobacco for the firm's failure to hide customers' IP addresses, thereby revealing information about 1,540 customers.
Investment research services company Samsung Securities was fined $122 million for failing to keep its server secure, causing cyber criminals to exploit a vulnerability in the server and steal the data of 48,122 users.
The commission also fined four South Korean organizations for poor video surveillance, including a plastic surgery clinic that left cameras on while its clients changed clothes in the locker room. Another company used security cameras to track employee attendance.