To file a complaint with Songpa Police Station in Seoul on December 5
Negligence of duty to implement safety measures to prevent leaks
"Failed to manage even basic authentication keys"
Law firm Daeryun has decided to file a complaint against Park Daejoon, CEO of Coupang, in relation to the large-scale personal information leak incident at Coupang.
On December 5, Daeryun Corporate Legal Group attorneys Son Gyejun, Ho Gyuchan, Jang Jiwoon, and Ji Minhui announced that they plan to file a complaint with the Songpa Police Station in Seoul against Coupang CEO Park Daejoon, as well as those responsible for and managing personal information authentication work, on charges of violating the Personal Information Protection Act and breach of trust in the course of duty.
The complaint alleges that, as those in charge of and managing personal information, they neglected their duty to implement safety measures to prevent information leaks. The person in charge leaked personal information after leaving the company without returning the authentication key, and the managers also failed to retrieve the authentication key from the former employee or to replace the existing authentication keys.
Daeryun stated, "We believe that the managers, including CEO Park, allowed unauthorized server access by former employees in order to reduce the cost of replacing authentication keys and for the convenience of continuing to use existing keys. Even when they became aware of the leak, they failed to respond promptly. This indicates that they were fully aware of the risk of an information leak and nevertheless tolerated it."
They added, "Coupang claims that the unauthorized access occurred on November 6, but that they only became aware of it on November 18. However, if unauthorized access had occurred, an abnormal access signal would have been immediately sent to Coupang. It is difficult to accept that they failed to recognize this, so an investigation into the internal reports and instructions from decision-makers at the time is necessary."
The charge of breach of trust in the course of duty has also been applied. This is based on the high likelihood that the former employee sold personal information to an unidentified third party in exchange for money or economic benefit, thereby gaining illicit profit. Daeryun explained, "Not only have Coupang users suffered privacy violations and other damages, but Coupang Corporation itself has also sustained significant financial losses, such as increased security costs and the possibility of fines. Therefore, the requirement of 'financial loss due to breach of duty' is met."
Son Gyejun, head of Daeryun Corporate Legal Group, stated, "Customers believed that Coupang would protect their personal information with the latest technology, but in reality, Coupang failed to even manage basic authentication keys, betraying that trust. Through this complaint, we hope for a thorough investigation and punishment of those responsible."
Meanwhile, Daeryun is also considering a class action lawsuit against Coupang's headquarters in the United States in cooperation with the local New York law firm SJKP LLP. The plan is to seek substantial relief for victims through the U.S. courts, which have a punitive damages system.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
