Interpark breach victims consider lawsuit
Interpark, Korea’s leading online shopping site, now faces potential lawsuits after it revealed on Monday that the personal data of more than 10 million members had been leaked.
A group of victims created an online forum Monday to discuss the possibility of filing a collective lawsuit. As of press time on Wednesday, the forum, “interparkvictim,” had more than 150 members. Commenters expressed outrage that their personal data had been leaked and showed strong support for a collective lawsuit.
Seoul YMCA, a local consumer group, said Wednesday that it is also considering a lawsuit against Interpark, accusing the company of violating the Personal Information Protection Act.
According to the law, personal information leaks due to lack of protective measures can be punished with a prison sentence of less than two years or a fine of up to 20 million won ($17,000).
Seoul YMCA criticized the online retailer for being subject to the “most elementary level of hacking.” The site fell victim to an advanced persistent threat in which the hacker sent multiple emails containing malicious code to employees with access to the personal information database.
“If the employees had been a little more cautious, the hack could have been prevented,” Seoul YMCA said.
The consumer group also criticized Interpark for notifying its members of the data breach 11 days after they filed an initial police report.
“Their response of posting an online apology belatedly on July 25 is careless, and it didn’t even offer any compensation plans,” the group said. “They are just suggesting their members change their password.”
According to the National Police Agency’s Cyber Bureau, hackers with overseas IP addresses hacked into Interpark’s server in May, stealing members’ personal information including names, birthdays, cellphone numbers and home addresses.
But Interpark was unaware its servers had been breached until the anonymous hacking group demanded a ransom in the form of bitcoin, a digital currency, on July 11.
Interpark then did not reveal the news until Monday. In an online apology, the company said it was “collaborating closely with affiliated agencies to prevent secondary damage” but did not mention any details on compensation or how they were cooperating with police to prevent the leaked information from spreading further.
Seoul YMCA also cited several data breach cases that occurred in Korea over the past few years, most of them associated with card companies such as KB Card, Lotte Card and NH Card, and complained about the lack of laws guaranteeing consumer protection from breaches.
“There should be implementation of a collective lawsuit and compensation plan related to cybersecurity,” it said.
Korea’s largest-ever data breach occurred in 2014, when the personal information of over 100 million credit card users was leaked. At the time, some 5,000 victims filed a collective lawsuit that resulted in compensation of 100,000 won each.
BY JIN EUN-SOO [firstname.lastname@example.org]
with the Korea JoongAng Daily