No more information leaksSK Communications recently lost a court case on data leakage following a disastrous hacking incident. It was the first ruling in favor of a collective consumer action against a company for mismanaging customers’ information.
The Seoul Western District Court ordered SK Communications to pay a total of 576.4 million won ($534,200), or 200,000 won each, to 2,882 petitioners who filed damages against the company for leaking their personal information. It is the first ruling that holds the corporate manager accountable for leaking customers’ information regardless of intentionality. The court said, “SK Communications neglected its duty to protect customers’ information, which resulted in inviting a hacking incident.”
In July 2011, the company that operated popular social networking online platform Cyworld and portal site Nate, announced that the two networks were hacked by criminals who stole personal data, including names, e-mail and home addresses, phone numbers, and residential registration numbers of more than 35 million users of the two online sites. Victims filed a class-action suit against SK Communications for the country’s hitherto worst Web security accident. So far, the court has been lenient on hacking incidents, siding with the corporate defendants by arguing that complete protection from professional hackers is not possible. Another local Seoul court in November last year turned down the lawsuit against SK Communications from 2,847 hacking victims.
It is unclear with which of the two different rulings the higher court will side in the future. But the general consensus is that companies must bear more accountability in managing and overseeing customers’ personal information. Consumers are no longer so naive to accept excuses and apologies that hacking accidents cannot be prevented.
Once customers’ private information is leaked, their life and properties become vulnerable. The Seoul Western District Court listed the problems with corporate leniency. SK Communications’ detection system failed to work properly due to indulgent guidelines and reliance on a security-weak zip program. It also lacked an automatic log-out timer on its database.
Information and technology companies must be aware that they cannot survive simply on good products and programs. They must provide thorough security guarantees for their customers using their services. The recent ruling shows that security breaches can cost companies serious money, too.