The auction case

The AUCTION Case of Korea
In January 2008, There was a hacking criminal on Auction site.
Auction is the largest internet mall in Korea.
By this accident about 18,000,000 user’s ID numbers, phone numbers were hacked. The police presumed the suspect as the chinese hacker.
The Auction case, the largest one in terms of the number of victims and plaintiffs in the ensuing lawsuits, shows the necessity of
regulatory compliance. Lawyers were eager to promote massive lawsuits against Auction in their Internet cafes and blogs, encouraging the
aggrieved Auction users to join their actions for damages totaling 150,000,000 won(about US$130 million).
The plaintiffs organized in several groups eventually exceeded 145,000.
In the courtroom, the representatives of plaintiffs argued the ordinary customers of the E-marketplace fell victim to
Auction’s negligent administration of computer system and suffered mental distress whether their personal data could be
abused or misused as a result of such data breach. If they succeeded in the massive lawsuit, the compensation money,
presumably at the same level as 50 thousand won per person in the Lineage case of the first instance,
could reach the amount enough to undermine the corporate financial base.
On January 14, 2010 after 2 years long courtroom arguments, the Seoul Central District Court ruled that Auction was not to blame.
The court said “There is no evidence that Auction was lenient about its security measures against hacking.” The court added: “It was
not legally mandatory for companies to set up firewalls for their websites, considering that there was low credibility over
installing firewalls among businesses at that time.” Also the court was believed to take into account how the top management
swiftly handled the incident to prevent a possible attack in the future. The court has considered the following rules.
1.Have ISP observed the technical and managerial measures required by the relevant laws to safeguard the personal data?
2.Have ISP established reliable firewalls and other security measures against possible hacking incidents?
3.Does it cost too much to install anti hacking technologies in the view of the latest hacking skills?
4.Have ISP discharged their duties to prevent possible attack or threat in the future?
5.How many users are affected by the incident and how large could the actual damage to the victims be?
The final result of the auction case should wait for the higher courts as a number of victims have appealed.
 
< Prev   Next >