Bank leak victims get 100,000 wonVictims of the massive credit card information leak in 2014, which involved KB Kookmin and NH Nonghyup customers, will receive 100,000 won ($83.20) each in compensation, the Seoul Central District Court ruled on Friday.
It is the first compensation ruling following the incident, which is expected to bring large-scale repercussions as dozens of lawsuits related to this leak are currently ongoing.
The court ordered the companies involved and the Korea Credit Bureau (KCB), the personal credit information holder, to pay 100,000 won each to 5,206 people who filed lawsuits against KB Kookmin Card and NH Nonghyup Card.
The defendants demanded compensation on the grounds of emotional distress.
“Card companies violated the personal information protection act by mismanaging, and the KCB also failed to fulfill its obligation of supervising its employees,” the ruling said. “The institutions clearly have the responsibility of making compensation to the defendants.”
In January 2014, about 100 million pieces of private information, such as personal credit levels and home addresses of KB Kookmin, NH Nonghyup and Lotte Card holders, was leaked. Friday’s settlement did not include Lotte Card customers.
The leak happened as a KCB employee surnamed Park, who was at the time in charge of developing a fake credit card detection system, stole personal information of the three card companies’ clients, and sold it to a financial broker. The information was used to lure people to lending sharks’ loan services. Park was prosecuted and sentenced to three years in prison.
The CEOs of the three card companies stepped down after making public apologies.
Nearly 200,000 people are known to have filed lawsuits. Since the first half of 2014, 90 lawsuits were filed against KB Kookmin, followed by 69 against Lotte and 62 against NH Nonghyup.
The two card companies involved in the class action this time argued that the 2014 incident was not their fault, but solely Park’s, saying they did their best to protect clients’ information.
However, the court did not accept the argument, saying that the two companies are also responsible for lax management being unable to halt Park from using a unpermitted USB key at the workplace.
“The leaked information has already been open to the unknown third party, or is highly likely to be open to more people in the future,” the court said. “The court acknowledges that the defendants have suffered from emotional distress.”
BY LEE YOO-JEONG [firstname.lastname@example.org]