Home page logo

dataloss logo Data Loss mailing list archives

Korean Court Orders SK Communications to Pay Damages to ID Theft Victims
From: Erica Absetz <eabsetz () opensecurityfoundation org>
Date: Mon, 18 Feb 2013 09:27:44 -0500


The 2011 hack affecting SK Communications, operator of Nate and
Cyworld, currently stands as 10th on DataLossDB’s list of largest
all-time breaches, affecting 35 million people. The breach not only
resulted in lawsuits, but contributed to the government reversing its
plans to implement a real-name registration policy.

In the latest development,  a Seoul court has ruled that SK
Communications should pay KRW 200,000 ($185.48) in damages to each ID
theft victim in a class action lawsuit against SK Communications filed
by 2,737 ID theft victims. Korea IT Times has more on the ruling.
Although they report that this was the first victory for victims of
this breach, there actually was a previous case with an award to a
plaintiff, and the amount per person from this case is significantly
less than what was previously awarded to a sole plaintiff who sued
after the breach.  It is not known to me what happened to that award
on appeal from SK Communications.

Korea IT Times reports that the court said, “SK Communications
completely failed to notice the phased theft of personally
identifiable information provided by 35 million Nate and Cyworld
users. Besides, SK Communications’ use of a general-purpose,
easy-to-hack version of ALzip (from ESTsoft) made Cyworld more
susceptible to hacking attempts. On top of that, the operator’s
employee left the computer on without logging out, therefore leaving
Cyworld’s security porous until the early hours of the morning.”

Complaints against ESTsoft and Norton were dismissed.  Regulators had
previously determined that the malware used in the attack had not been
detected by Norton, and had slammed SK Communications for use of the
foreign antivirus software.
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list


Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

  By Date           By Thread  

Current thread:
  • Korean Court Orders SK Communications to Pay Damages to ID Theft Victims Erica Absetz (Feb 18)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]