By Park Si-soo
Staff Reporter
A Seoul court ruled Thursday that Auction, a Korean open market Web site owned by eBay, was not liable for any damages sought in a class action lawsuit brought by 146,000 registered users over the theft of their private information by hackers in 2008.
The Seoul Central District Court ruled in favor of the company, citing its efforts to put the best security measures available in place as extenuating circumstances.
However, the court made a non-binding suggestion that Auction compensate the affected customers voluntarily at a level that fits its responsibility as a good corporate citizen.
Auction said that it appreciated the ruling and was considering a variety of ways to give back to society.
The latest case marks a departure from previous rulings on massive leaks of private information.
Kookmin Bank and LG Electronics were ordered to pay compensation to customers whose information was exposed following hackers' attacks on their databases.
Presiding Judge Lim Sung-geun said Auction defended its database with state-of-the-art security measures, providing the company with extenuating circumstances against the plaintiff's claim that it had failed to uphold its duty of protecting user data from hackers.
"A company should be held liable for compensating affected users only when it is proven that it did not make the utmost efforts to prevent hacking," the judge said.
Seo Min-seog, an Auction spokesman, said, "We respect the ruling. And we will do our best to provide the best services with the best security measures."
Park Jin-shik, one of the lawyers representing the plaintiffs, expressed regret at the court ruling and said he will appeal.
"An unexpected ruling was made," Park said. "The leak was apparently caused by Auction's inadequate security system. Before the leak was reported, the company found a hacking tool implanted in its server, but it did not do its utmost to get rid of it."
The company's user data server suffered three hacking attacks between Jan. 4 and 8, 2008. The company and the authorities estimate that nearly 10.81 million or 60 percent of all registered users of Auction (www.auction.co.kr) had their private information including ID numbers, home addresses, phone numbers and even bank accounts exposed. Police failed to identify and catch those who penetrated the company's firewall.
In the collective action against the company, each of the 146,000 plaintiffs demanded between one and three million won ($880-$2,650) in compensation.
During the two-year-long court battle, they tried to prove that they had sustained damage as a result of the leak, citing, for instance, increases in the numbers of what appeared to be phishing calls to their mobile phones.