[Asia Economy Reporter Lee Jung-yoon] The court has sentenced both the cryptocurrency brokerage firm Bithumb and its actual operator, Mr. Lee (43), to fines in a case involving the leakage of customer information.
On the 12th, Judge Lee Hyung-joo of the Seoul Eastern District Court Criminal Division 2 sentenced Mr. Lee (43), the person responsible for managing Bithumb's personal information, and the Bithumb corporation to fines of 30 million KRW each on charges of violating the Information and Communications Network Act by leaking approximately 31,000 customer personal information files and cryptocurrency worth about 7 billion KRW.
Previously, the prosecution had requested fines of 20 million KRW each for Mr. Lee and Bithumb, but Judge Lee stated, "Since two crimes?customer information leakage and cryptocurrency theft?were combined, the maximum statutory fine of 30 million KRW is imposed."
Regarding Mr. Lee, the actual operator, Judge Lee explained, "While he must bear heavy responsibility, he served as the actual operator for a short period instead of the former person in charge, Mr. Kim, and the wrongdoing was not solely his fault. Also, considering that victims will seek separate liabilities based on this trial's outcome, which has a similar effect to punishment, a fine was chosen for Mr. Lee."
According to the prosecution, in April 2017, Bithumb was hacked through a method where an email containing malicious software was sent to Mr. Lee (then an auditor), resulting in the theft of about 31,000 customer personal information records. The personal information files stored on Mr. Lee's personal PC were unencrypted, and antivirus software capable of preventing malicious programs was not installed on the PC, according to the investigation.
From May to October of the same year, Bithumb suffered a cyberattack in which hackers stole cryptocurrency worth 7 billion KRW held by 243 customers. The prosecution found that despite abnormal access such as excessive connections from the same IP, Bithumb did not take blocking measures, and even after customers reported hacking damages, the company failed to identify causes, notify the damage status, or take protective actions, which led to increased losses.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
