The South Korean Communications Commission conducted a survey which revealed that all major cryptocurrency exchanges in the country had insufficient data protection for their customers. Eight of these exchanges have been sanctioned, having 30 days to solve their issues and improve the security of their systems.

A Majority of Exchanges Are in Violation

The South Korean Communications Commission (KCC) made an announcement this Wednesday that they have penalized 8 cryptocurrency exchanges with “a total of KRW141 million [~USD$132,540] in penalties for violating the Personal Information Protection Act.”

These penalties have resulted from an on-site survey of 10 exchange operators, conducted by the agency in collaboration with the Ministry of Science, Technology, and Information and the Korea Internet Development Agency (KISA).

“Among the 10 surveyed companies, all eight companies, except the two companies which stopped providing related services during the survey period, were found to be in violation of the Information and Communication Network Act,” wrote the KCC.

The list of companies that were surveyed includes Upbit, Ripple4y, Coinpia, Youbit, Korbit, Coinone, Coinplug, Eyalabs, Bizcoin, and Bizstore, according to Chosun. Bizcoin and Bizstore were not included in the list because they stopped their services during the survey. Bithumb, the world’s largest crypto exchange in the country, has been investigated separately prior to the survey.

The Sanctions

The fines were: Coinpia 15 million won, Coinone 25 million won, Coinplug 10 million won, Eyalabs 10 million won, Korbit 21 million won, Upbit 20 million won, Ripple4y 15 million won, and Youbit 25 million won.

Upbit is one of the biggest crypto exchanges on the South Korean market. The operator of the most popular Korean chat app, Kakao Talk, cooperates with this exchange. Youbit was already in the midst of a bankruptcy file when the agency ended the survey.

Bithumb was sanctioned earlier in December. They were fined with 60 million won (~$56,400) for leaking customer data.

Imposed correction Measures

KCC chairman, Lee Hyo-Sung, stated that the commission will try to reduce the damage of users by implementing stricter sanctions of any crypto exchanges that violate the Information and Communication Network Act.

“While the security threats such as virtual currency speculation and hacking of handling sites are increasing, the actual situation of personal information protection of major virtual currency exchanges is very weak,” said the KCC.

The commission has ordered all exchanges to stop all violations immediately. The exchanges are also obligated to take rectifying measures within 30 days and report the result to the KCC, announced KCC. There are also plans for providing guidelines and regular education for any exchange officers that manage personal information protection.

The KCC requires all exchanges to install and operate “an access control device such as an intrusion prevention system, [take] measures to prevent the tampering of the access record, [and take] encryption measures for secure storage and transmission of personal information,” to prevent unauthorized access to personal data.

Exchanges must also “establish and implement internal management plans,” including those that “related to the management of virtual currency electronic wallets and cryptographic keys and the transmission of virtual currency transactions,” according to KCC.

Whether the exchanges will succeed in implementing the required measures remains to be seen.