Personal information leakage by ?Good choice?, the first penalty compensation to be highlighted
Jin Hyun Jin | 2jinhj@ | 2017-04-27 11:02:49
Investigation result of personal leakage accident of £¿Good choice£¿ has been released.
O2O (on-line and off-line) service companies attracted the attention of customers with sensitive personal information leakage such as personal accommodation information on March 24. Although Withinnovation that operates £¿Good choice£¿ has exceeded the month in which the incident occurred. However no proper compensation policy has established so far and the situation is now under criticism.
It is the first personal information leak incident in the domestic O2O industry and the first case of `penalty compensation system` applied last year. Legal cases such as collective damages lawsuits are showing signs of going ahead as user complaints have not come to a halt.
A joint ministry-based investigation team including the Korea Communications Commission, the Ministry of Science, ICT and Future Planning and the Korea Internet Development Agency (KISA) announced the results of the leak investigation of personal information leak infringement from March 7 to March 17. According to the announcement, hackers reported that they had seized 99,984 cases of personal information (excluding duplicates).
According to the investigation team, the hacker stole the manager session value of `Good choice marketing center web page` with SQL injection method, and then leaked reservation information, affiliation point information and member information. The SQL injection method is the most common vulnerability, so KISA explained that it is always a matter to consider when creating an Internet homepage. Wherever sensitive information such as Withinnovation is handled, KISA added that it should be noted that it is particularly likely to be abused.
In fact, the users who were victims by this hacking situation are concerned about the second damage by using the captured phone number and e-mail address, receiving letters that cause unpleasantness, such as "Mr or Miss. XX have you made reservation on xx date, xx month, xx year£¿ etc.
When the fact that personal information was leaked last month, the company announced to handle the situation actively, however it has shown passive solution so far and is now criticized. The app review on the Google Play Store is now full with user complaints and criticism due to this situation.£¿
The company is also sluggish in the provision of compensation measures. A week after the incident, Shin Myung-seop, the company`s CEO, announced on March 30 that he would make a notice on the app and its website on investigation result, however, the company said it has not been able to provide concrete compensation to wait for the results of the final investigation.
As a result, there is a possibility of filing a damages claim against the company in the future. This leakage is the first case of the penalty damages system introduced in July last year. The court may set the damages up to three times the amount of the damages in the case of personal information is leaked due to the intentional or grave error of the personal information processor. It is the first case where the victim has not been able to prove the fact of damages, but a `statutory damages compensation system` that recognizes the damages as less than KRW 3 million, which is why the possibility of litigation has increased. Shortly after the incident, a portal site caf£¿was opened for victims.
An industry expert mentioned, "If the company did not spend hundreds of billions of won in marketing expenses, they would not have made such a mistake if they were a bit concerned about security. It`s late, but they have to apologize to the user now and give him measures to prevent further damage."
By Jin Hyun Jin 2jinhj@
[ copyright ¨Ï The Digitaltimes ]
O2O (on-line and off-line) service companies attracted the attention of customers with sensitive personal information leakage such as personal accommodation information on March 24. Although Withinnovation that operates £¿Good choice£¿ has exceeded the month in which the incident occurred. However no proper compensation policy has established so far and the situation is now under criticism.
It is the first personal information leak incident in the domestic O2O industry and the first case of `penalty compensation system` applied last year. Legal cases such as collective damages lawsuits are showing signs of going ahead as user complaints have not come to a halt.
A joint ministry-based investigation team including the Korea Communications Commission, the Ministry of Science, ICT and Future Planning and the Korea Internet Development Agency (KISA) announced the results of the leak investigation of personal information leak infringement from March 7 to March 17. According to the announcement, hackers reported that they had seized 99,984 cases of personal information (excluding duplicates).
According to the investigation team, the hacker stole the manager session value of `Good choice marketing center web page` with SQL injection method, and then leaked reservation information, affiliation point information and member information. The SQL injection method is the most common vulnerability, so KISA explained that it is always a matter to consider when creating an Internet homepage. Wherever sensitive information such as Withinnovation is handled, KISA added that it should be noted that it is particularly likely to be abused.
In fact, the users who were victims by this hacking situation are concerned about the second damage by using the captured phone number and e-mail address, receiving letters that cause unpleasantness, such as "Mr or Miss. XX have you made reservation on xx date, xx month, xx year£¿ etc.
When the fact that personal information was leaked last month, the company announced to handle the situation actively, however it has shown passive solution so far and is now criticized. The app review on the Google Play Store is now full with user complaints and criticism due to this situation.£¿
The company is also sluggish in the provision of compensation measures. A week after the incident, Shin Myung-seop, the company`s CEO, announced on March 30 that he would make a notice on the app and its website on investigation result, however, the company said it has not been able to provide concrete compensation to wait for the results of the final investigation.
As a result, there is a possibility of filing a damages claim against the company in the future. This leakage is the first case of the penalty damages system introduced in July last year. The court may set the damages up to three times the amount of the damages in the case of personal information is leaked due to the intentional or grave error of the personal information processor. It is the first case where the victim has not been able to prove the fact of damages, but a `statutory damages compensation system` that recognizes the damages as less than KRW 3 million, which is why the possibility of litigation has increased. Shortly after the incident, a portal site caf£¿was opened for victims.
An industry expert mentioned, "If the company did not spend hundreds of billions of won in marketing expenses, they would not have made such a mistake if they were a bit concerned about security. It`s late, but they have to apologize to the user now and give him measures to prevent further damage."
By Jin Hyun Jin 2jinhj@