Court orders SK to pay victims of hacking attack
The Seoul Western District Court ruled Friday in favor of the 2,882 plaintiffs who filed a suit against SK Communications, operator of Nate and Cyworld, following the cyberattack in July 2011.
To take responsibility for the lax security which enabled hackers to easily access its subscribers’ personal information, the court ordered SK Communications, the Internet business leg of SK Telecom, to pay out 200,000 won ($185) to each victim, a total of some 576 million won.
The denial-of-service attack on Nate, a top three search engine, and Cyworld, a popular SNS site, led to the leaking of names, birth dates, mobile phone numbers and encrypted social security numbers of some 35 million people.
“SK Communications violated its duty to protect the personal information of its Nate and Cyworld subscribers,” the judge stated in the ruling. “Even though 35 million persons’ information was leaked, SK Communications’ intrusion detection system failed to discover the attack.”
The court added that the firm used open-source software, which made it vulnerable to security breaches and gave hackers easier access to its data.
“After the system security manager completed his task, he failed to log out properly and left the computer on overnight,” the court said, leaving the system vulnerable.
Hackers infiltrated the server without having to circumvent a password.
But in the same ruling, the court dismissed other suits against software developer ESTsoft and two local information security firms.
Hackers paralyzed the PCs at SK Communications by releasing malicious code into an ESTsoft program update.
The court said that the software company did not violate its duties to prevent the hacking.
Prosecutors called off the probe on the hacking attack last August, and the culprit has yet to be identified though police investigators tracked the hacker’s IP address to China.
By Sarah Kim [firstname.lastname@example.org]