Personal information belonging to high-value donors to major South Korean charities was exposed online after sensitive data was mistakenly published in financial documents, affecting about 1,600 people, including well-known entertainers.
The incident involved organizations connected to the Community Chest of Korea, the country’s largest government-sanctioned welfare charity. According to reports, internal settlement documents were uploaded to the organization’s website without properly removing personal details belonging to donors who had made large contributions.
The exposed records included sensitive information such as names and South Korean resident registration numbers. In South Korea, resident registration numbers function as a national identification number and are considered highly sensitive because they can be used for identity verification across many financial and administrative systems.
The data was included in financial materials published online as part of the routine disclosure of donation records. Charities in the country typically release annual settlement reports detailing contributions and fundraising outcomes. In this case, the version posted on the website reportedly contained unredacted personal information that should have been removed before publication.
The leaked dataset reportedly included around 600 major donors who had each contributed more than 20 million won, or roughly $13,500. Many of those donors are public figures, including politicians, business leaders, and entertainers. Reports said that the overall number of individuals whose data was exposed across related documents reached approximately 1,600.
The charity said it became aware of the issue after the documents were posted online and formed a response team to investigate and address the breach. According to statements cited in local reporting, the organization began reviewing how the files were uploaded and started notifying affected donors.
Under South Korea’s Personal Information Protection Act, organizations that detect a personal data leak must report the incident to authorities within 72 hours. The charity said it planned to notify regulators and contact affected individuals individually as part of its response process.
The exposure has raised concerns about the handling of sensitive donor information by nonprofit organizations. Donors contributing large sums to charities often expect their personal details to be protected, especially when the information includes identification numbers that can be used in administrative or financial systems.
Authorities are expected to review the incident as part of broader oversight of personal data protection practices. The investigation will focus on how the documents containing the unredacted information were prepared and uploaded, and whether existing procedures for publishing financial disclosures were followed.
The charity said it is continuing its internal review while taking steps to prevent similar incidents in the future. The organization also said it will cooperate with authorities and provide updates to those affected by the leak.