Korean matchmaking service Duo fined over £600,000 over sensitive data leak from Infostealer infection

Korean matchmaking service Duo was breached on January 28, 2025 after an attacker used infostealer malware on an employee PC to obtain database credentials and exfiltrate sensitive personal data for roughly 427,464 members; South Korea’s Personal Information Protection Commission fined Duo ~1.197 billion won, cited failures to encrypt and to properly destroy retained records, and ordered notifications and stronger security measures.