leakhigh3/13/2026
South Korea's ISMS-P Certification Program Under Fire Following Multiple Data Leaks
Multiple ISMS-P Certified Companies (Under Armour Korea, Lotte Card, Coupang)
Statistics released by the Personal Information Protection Commission (PIPC) on March 13, 2026, revealed that 27 out of 263 ISMS-P certified companies have suffered a total of 33 major data leaks over the past five years. The crisis was triggered by high-profile breaches at organizations that had recently received state cybersecurity certification, including Under Armour Korea and Lotte Card (which suffered a breach just 48 hours after receiving certification).
South Korea's Ministry of Science and ICT and the Personal Information Protection Commission announced a drastic overhaul of the nation's ISMS-P (Information Security Management System - Personal) certification program following revelations that certified organizations continued to experience major data breaches. The program, considered the 'gold standard' of South Korean cybersecurity, has been criticized as a 'compliance exercise' rather than a true security measure. The government is transitioning to a 'technology-centered' audit model beginning in Q3 2026 to address the systemic failure of the current certification process.
Tags
#certification failure#regulatory oversight#data protection#multiple breaches
Source
View Original ReportLast updated: March 16, 2026