The top court ruled Thursday that eBay Korea Co. has no obligations to pay any damages stemming from a 2008 hacking incident that leaked the personal data of millions of people.
Authorities believe hackers based in China broke into the servers of Auction Co., an online auction company owned by eBay Korea, at least four times to spill the names, resident registration numbers, addresses and bank account numbers of 18.07 million people.
A record number of 146,601 filed a class action suit against the local unit of the e-commerce giant and SK Infosec, an information security firm partnered with it, to seek compensation for the emotional distress they'd suffered.
They said eBay Korea and SK Infosec should have done more to protect consumer data, such as installing firewalls or encrypting resident registration numbers. They asked for a compensation of 2 million won (US$1,808) per person, much larger than the 50,000-100,000 won per person offered by the companies.
The Supreme Court, however, upheld two lower court decisions to free eBay Korea and SK Infosec of responsibility to pay damages and make reparations.
eBay Korea and SK Infosec are not responsible for the hacking attack, "considering the security policy of Auction Co., the effectiveness of antivirus technology at the time and the hacking techniques employed by the infiltrators," the lower courts had said.
The Supreme Court also said the companies' failure to install firewalls or encrypt sensitive numbers were not illegal, as cybersecurity laws in 2008 did not require such measures.
The top court also sided with the companies in four other related damages suits filed by a combined total of 330,000 people. (Yonhap)