A state committee on privacy protection on Wednesday decided to impose a record high of over 15-point-one billion won, or around eleven million U.S. dollars, in penalties on Kakao Corporation after an information leak affecting about 65-thousand users due to negligence in user data protection.

The Personal Information Protection Commission launched an investigation last March over Kakao's alleged violation of the Personal Information Protection Act, following media reports that user data from the messenger app's open chat service was being illegally traded.

The probe has found that hackers exploited the open chat service's lax data protection to steal participants' personal information, which they later sold via Telegram.

The Commission noted that Kakao had failed to encrypt users' ad hoc IDs, allowing hackers to identify the serial number assigned to each user. The Commission also said Kakao failed to inspect and respond to alleged data breaches, and to notify the Commission and the affected users.

Kakao has refuted the Commission's decision, claiming neither the serial numbers nor the ad hoc IDs contain personal information, adding that it is not obligated to encrypt them under the law. The company said it would consider taking legal action in response.