Court orders SK to pay victims of hacking attack

Home > National > Social Affairs

print dictionary print

Court orders SK to pay victims of hacking attack


자료사진(NateOn UC 홈페이지 캡쳐)

In a large-scale class action lawsuit, a Seoul court ordered a leading telecommunications operator to take responsibility for victims whose personal information was compromised in the massive hacking of portal site Nate and social networking service Cyworld in 2011.

The Seoul Western District Court ruled Friday in favor of the 2,882 plaintiffs who filed a suit against SK Communications, operator of Nate and Cyworld, following the cyberattack in July 2011.

To take responsibility for the lax security which enabled hackers to easily access its subscribers’ personal information, the court ordered SK Communications, the Internet business leg of SK Telecom, to pay out 200,000 won ($185) to each victim, a total of some 576 million won.

The denial-of-service attack on Nate, a top three search engine, and Cyworld, a popular SNS site, led to the leaking of names, birth dates, mobile phone numbers and encrypted social security numbers of some 35 million people.

“SK Communications violated its duty to protect the personal information of its Nate and Cyworld subscribers,” the judge stated in the ruling. “Even though 35 million persons’ information was leaked, SK Communications’ intrusion detection system failed to discover the attack.”

The court added that the firm used open-source software, which made it vulnerable to security breaches and gave hackers easier access to its data.

“After the system security manager completed his task, he failed to log out properly and left the computer on overnight,” the court said, leaving the system vulnerable.

Hackers infiltrated the server without having to circumvent a password.

But in the same ruling, the court dismissed other suits against software developer ESTsoft and two local information security firms.

Hackers paralyzed the PCs at SK Communications by releasing malicious code into an ESTsoft program update.

The court said that the software company did not violate its duties to prevent the hacking.

Prosecutors called off the probe on the hacking attack last August, and the culprit has yet to be identified though police investigators tracked the hacker’s IP address to China.

By Sarah Kim []
Log in to Twitter or Facebook account to connect
with the Korea JoongAng Daily
help-image Social comment?
lock icon

To write comments, please log in to one of the accounts.

Standards Board Policy (0/250자)