Leak of 23 Million Personal Records
Only "Psychological Damages" Recognized... Limitations of Compensation Standards Exposed
The Dispute Mediation Committee under the Personal Information Protection Commission has recommended that SK Telecom pay 300,000 won per person to victims of the hacking incident. However, there has been a wave of criticism that the compensation amount is far too low, especially given that this is the largest personal information leak in history.
On November 4, the Dispute Mediation Committee announced that, at a plenary session held the previous day, it had decided on a mediation plan requiring SK Telecom to pay 300,000 won in damages to each of the 3,998 individuals who applied for dispute mediation. This decision follows the USIM information leak that occurred in April, in which the personal information of up to 23 million subscribers was leaked externally.
The committee stated, "We recognized the psychological damages caused by anxiety over phone cloning and the confusion and inconvenience experienced during the USIM replacement process," and added, "We determined the compensation amount after considering SK Telecom's violation of its obligation to protect personal information."
However, this mediation plan does not apply to victims who did not apply, and it is not legally binding. If SK Telecom does not accept the proposal, it will not take effect.
SK Telecom responded in a statement, "It is regrettable that the company's efforts to address the incident and its voluntary compensation measures were not fully reflected," adding, "We are carefully reviewing whether to accept the mediation plan."
Industry insiders point out that, given SK Telecom has already spent a significant amount on self-initiated measures such as free USIM replacements and waiver of penalty fees, there is a possibility the company may not accept the recommendation as is.
"Unprecedented Leak" vs "Low Compensation"... Criticism of Legal Standards
This incident is a massive leak involving 25 types of personal information, including names, dates of birth, mobile phone numbers, subscriber identification numbers (USIM), and USIM authentication keys, affecting as many as 23 million people.
Nevertheless, the compensation was set at 300,000 won per person, leading to strong criticism that the "value of information" and "psychological damages" were not sufficiently considered.
In South Korea, the standard for compensation for personal information leaks is generally low. In 2014, when 100 million records were leaked from KB Kookmin Card, NH Nonghyup Card, and Lotte Card, the court awarded only 100,000 won per victim. In the same year, regarding the leak of 11.7 million cases of personal information from KT, the Supreme Court did not recognize liability for damages, citing the lack of clear financial loss.
The gap with overseas cases is even wider. In 2021, when US telecom company T-Mobile leaked the personal information of 76.6 million customers, it paid a total of 350 million dollars (about 459 billion won) in settlement through lawsuits. Depending on the scale of the impact, victims received up to 25,000 dollars (about 32 million won) each.
This case is regarded as the first major settlement to clearly recognize the monetary and social value of personal information. In contrast, in South Korea, due to the legal limitation of having to prove financial loss, compensation for damages typically remains at several hundred thousand won unless actual damage is demonstrated.
Currently, about 9,000 hacking victims have filed a lawsuit against SK Telecom, demanding 500,000 won per person in compensation for damages. The first hearing is scheduled for January next year.
If SK Telecom does not accept the Dispute Mediation Committee's recommendation, it is highly likely that the case will proceed to court. Experts predict, "This incident will serve as an opportunity to comprehensively review the domestic personal information protection system and compensation standards."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
