BreachExchange mailing list archives
Korean Court Orders SK Communications to Pay Damages to ID Theft Victims
From: Erica Absetz <eabsetz () opensecurityfoundation org>
Date: Mon, 18 Feb 2013 09:27:44 -0500
http://www.databreaches.net/?p=26863 The 2011 hack affecting SK Communications, operator of Nate and Cyworld, currently stands as 10th on DataLossDB’s list of largest all-time breaches, affecting 35 million people. The breach not only resulted in lawsuits, but contributed to the government reversing its plans to implement a real-name registration policy. In the latest development, a Seoul court has ruled that SK Communications should pay KRW 200,000 ($185.48) in damages to each ID theft victim in a class action lawsuit against SK Communications filed by 2,737 ID theft victims. Korea IT Times has more on the ruling. Although they report that this was the first victory for victims of this breach, there actually was a previous case with an award to a plaintiff, and the amount per person from this case is significantly less than what was previously awarded to a sole plaintiff who sued after the breach. It is not known to me what happened to that award on appeal from SK Communications. Korea IT Times reports that the court said, “SK Communications completely failed to notice the phased theft of personally identifiable information provided by 35 million Nate and Cyworld users. Besides, SK Communications’ use of a general-purpose, easy-to-hack version of ALzip (from ESTsoft) made Cyworld more susceptible to hacking attempts. On top of that, the operator’s employee left the computer on without logging out, therefore leaving Cyworld’s security porous until the early hours of the morning.” Complaints against ESTsoft and Norton were dismissed. Regulators had previously determined that the malware used in the attack had not been detected by Norton, and had slammed SK Communications for use of the foreign antivirus software. _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges.
Current thread:
- Korean Court Orders SK Communications to Pay Damages to ID Theft Victims Erica Absetz (Feb 18)