iRent leaked 400,000 pieces of personal information, the company determined that there was negligence, fined 200,000 yuan according to law, and demanded continuous corrections.
[Reporter Zheng Weiqi/Taipei Report] The foreign media "TechCrunch" recently disclosed that iRent, a car-sharing service under the Hetai Group, had leaked user personal information. Renwen went to iRent (Heyun Mobile Service Co., Ltd.) to investigate and confirmed that Heyun Mobile Service Company had deficiencies in personal data maintenance, and did not comply with the "Personal Data Protection Law" and "Automobile Industry Personal Data File Safety Maintenance Plan and Processing "Measures", taking appropriate security measures to leak personal data, and still not correcting by the deadline, will be fined 200,000 yuan according to law, and required to submit complete and corrected data before February 28.
In the iRent users' personal data leakage incident, Heyun Mobile Service Company received a letter from customer service on January 28 this year informing them that the database had a risk of leakage. After investigation, there was a protective gap in the temporary storage database for the log file of the recording application. Using specific technologies and tools, external personnel were able to access the database to inquire about membership changes in the past three months, resulting in the leakage of more than 400,000 pieces of personal information.
Please read on...
After the outbreak of the personal information leakage incident, when the company sent people to investigate for the first time, it immediately asked Heyun Action Service Company to provide the root cause of the personal information leakage incident, investigation status, follow-up handling of the incident and corrective actions before February 3, as well as The personal information security maintenance measures adopted, whether the obligation of prevention has been fulfilled, etc., shall be explained and supporting materials shall be provided.
Lai Sixuan, Chief of the Comprehensive Transportation Section of the Transportation Group of the General Highway Administration, said that when he went to Heyun Action Service Company for a review on February 4, he confirmed that the company did not comply with the "Personal Data Protection Law" and the "Automobile Transportation Industry Personal Data File Security Maintenance Plan". and handling measures", taking appropriate security measures to leak personal data, and not formulating a complete personal data file security maintenance plan, and the company has not corrected by the due date, the number of personal data leakage risks reached 400,000, The circumstances of the violation are serious, and have clearly violated Article 27, Item 1 and Item 2 of the Personal Data Protection Act.
Therefore, the company imposed a maximum fine of NT$200,000 on the company in accordance with Article 48, Paragraph 4 of the Personal Data Protection Act.
Lai Sixuan said that the association continues to require the industry to implement the relevant provisions of the Personal Data Protection Act, and submit complete and corrected supporting materials before February 28. If there are still violations of the Personal Data Protection Act in the follow-up investigation, penalties will continue to be imposed. To urge the industry to implement user personal data protection and corporate social responsibility to protect consumer rights.