The Korean government imposed an 85 million won (US$83,810) fine on KT, admitting KT’s guilt on information confidentiality. KT’s servers were hacked and the personal information of more than 9.8 million people was leaked. It looks like KT will be sued, and the amount of compensation claimed is almost 10 trillion won (US$9.86 billion).
The Korea Communications Commission (KCC), with its Chairman Choi Sung-joon, discussed the “administrative punishment of KT on violation of personal information protection bill” on June 26. They decided to impose 70 million won of fines, 15 million won of penalties, and corrective orders to prevent future recurrences.
The KCC made a judgment that KT did not fulfill its security duties for personal information protection, even though it is required to have thorough technical and systematic security procedures as a key telecommunication service provider.
The KCC pointed out that KT had individual authentication system deficiencies, and could not even block an IP when one certain IP searched for 340,000 cases of personal information per day.
The essence of this judgment was to admit relevance between “negligence” in personal information protection and personal information leakage. It was the very first time to find a major telecommunications company, especially an affiliate of a large corporation, guilty of personal information leakage.
According to the decision of the KCC, victims of personal information leakage have advantages over KT. Non-government organizations are currently preparing lawsuits, demanding 1 million won compensation for each person. If all the victims participate in this lawsuit, the compensation amount numerically exceeds 9.8 trillion won. The Citizen’s Coalition for Economic Justice already filled the 1st class action lawsuit for 2,796 victims. On the other hand, KT expressed its regret about the decision of the KCC.