This is one of the breaches in the top 10 list, where I had previously noted that some sources said 18 million were affected by the hack, while Auction claimed 10.8 million. Whatever the correct number, the online service was found not to be responsible for the breach.
Joong Ang Daily Reports:
A local court ruled against 146,000 users of online shopping mall Auction who filed a class-action suit asking for 150 billion won ($133 million) in compensation from the retailer for not preventing the leak of millions of users’ personal data by a 2008 hackers attack from China. Ending legal dispute more than a year old, the Seoul Central District Court handed down its verdict in its first trial on the issue.
“There’s no evidence that the Auction was lenient about its security countermeasures against hacking,” said Lim Seong-guen, a judge who presided over the case. “It’s not legally mandatory for companies to set up firewalls for their Web sites and considering that there was low credibility over installing firewalls among businesses at that time, it’s hard to say Auction is liable for the breach.”
Though it’s regretful that the online retailer’s Web site was attacked by hackers that led a leak of names, ID numbers, addresses and phone numbers, Lim said Auction was unable to prevent the attack because security technology at that time couldn’t block the hackers. “Though Auction does not bare legal responsibility, it would be desirable if the company takes ethical responsibility and takes appropriate measures for users,” Lim continued.
Read more on Joong Ang Daily.
The Korea Herald also provides coverage of the decision:
Auction, a major online open market, is not responsible for the theft of its customers’ personal information, the Seoul Central District Court ruled yesterday.
“Auction cannot be seen as having violated any duties as a Web service provider,” ruled the court.
The company also immediately reported the data breach to authorities and to its customers, and thus may be seen as having taken appropriate countermeasures, said the court.
Read more in The Korea Herald.