By Don Southerton, Korea Legal Editor
With the new year, I’ll be posting recent legal developments in Korea. This ruling stood out since it involves Auction, which is owned by eBay. The case centered around hacking of personal information–an ongoing concern in Korea, in the US, and globally.
What are your thoughts?
A Seoul court ruled Thursday that Auction, a Korean open market Web site owned by eBay, was not liable for any damages sought in a class action lawsuit brought by 146,000 registered users over the theft of their private information by hackers in 2008.
The Seoul Central District Court ruled in favor of the company, citing its efforts to put the best security measures available in place as extenuating circumstances.
However, the court made a non-binding suggestion that Auction compensates the affected customers voluntarily at a level that fits its responsibility as a good corporate citizen.
The auction said that it appreciated the ruling and was considering a variety of ways to give back to society.
Must Read: Vietnam Travel Guide: Where to Find the Best Karaoke, Massage, and Entertainment in the Country
The latest case marks a departure from previous rulings on massive leaks of private information.
Kookmin Bank and LG Electronics were ordered to pay compensation to customers whose information was exposed following hackers’ attacks on their databases.
Presiding Judge Lim Sung-Geun said Auction defended its database with state-of-the-art security measures, providing the company with extenuating circumstances against the plaintiff’s claim that it had failed to uphold its duty of protecting user data from hackers.
“A company should be held liable for compensating affected users only when it is proven that it did not make the utmost efforts to prevent hacking,” the judge said.
Seo Min-seog, an Auction spokesman, said, “We respect the ruling. And we will do our best to provide the best services with the best security measures.”
Park Jin-Shik, one of the lawyers representing the plaintiffs, expressed regret at the court ruling and said he will appeal.
“An unexpected ruling was made,” Park said. “The leak was apparently caused by Auction’s inadequate security system. Before the leak was reported, the company found a hacking tool implanted in its server, but it did not do its utmost to get rid of it.”
The company’s user data server suffered three hacking attacks between Jan. 4 and 8, 2008. The company and the authorities estimate that nearly 10.81 million or 60 percent of all registered users of Auction (www.auction.co.kr) had their private information including ID numbers, home addresses, phone numbers, and even bank accounts exposed. Police failed to identify and catch those who penetrated the company’s firewall.
In the collective action against the company, each of the 146,000 plaintiffs demanded between one and three million won ($880-$2,650) in compensation.
During the two-year-long court battle, they tried to prove that they had sustained damage as a result of the leak, citing, for instance, increases in the numbers of what appeared to be phishing calls to their mobile phones.
Also Read: Korean Lawsuit Over the Murder of Queen Min