The Personal Information Protection Commission (PIPC) found that Meta had gathered and shared data on users' religious beliefs, political views and sexual orientation with around 4,000 advertisers.
The data was collected through Facebook profiles and user behaviors such as "likes" and ad clicks.
The privacy regulator said Meta failed to explicitly state its data collection policies and denied users' requests to access their personal information.
The investigation also revealed that Meta had approved password reset requests using forged identification documents, leading to data breaches affecting 10 South Korean users.
"We will continue to monitor Meta's compliance with the corrective orders and apply privacy protection laws equally to global companies serving Korean users," the PIPC said in a statement.
In addition to the fine, the regulator ordered Meta to establish legal grounds for processing sensitive information, implement security measures, and properly respond to users' data access requests.
Meta was also separately fined 10.2 million won for other violations.