Users of Tving, a domestic online video service (OTT) operated by CJ ENM, filed for damages over a personal information leak.
Law firm Jihyang said on the 12th that it filed a damages suit with the Seoul Central District Court on the 11th on behalf of 1,501 Tving users who suffered from the personal information leak.
Jihyang said, "With this lawsuit, we aim to establish that the Tving incident was not a simple external hacking but an obvious man-made disaster caused by corporations that failed to take even basic legal protective measures, and the result of deceptive and unlawful terms of service operations, and to hold them strictly accountable."
The amount claimed per plaintiff is 300,000 won. A Jihyang official said, "The plaintiffs are suffering severe psychological distress and anxiety due to Tving's gross negligence and illegal acts," adding, "We will expand the compensation scale as soon as concrete government investigation results are announced." Jihyang plans to recruit additional plaintiffs to join the class-action damages suit.
A Jihyang official also said, "Overseas OTT service providers, including Netflix, are excessively collecting users' personal information to use it for 'target marketing.'" Jihyang decided to submit a report to the Personal Information Protection Commission and urge a corrective order.
Earlier, on the 3rd, Tving announced that a hacker had infiltrated its database (DB) and leaked users' personal information. The leaked data include users' IDs, names, dates of birth, gender, CI (connection information), DI (duplicate subscription identification information), mobile phone numbers (last four digits encrypted), emails (ID part encrypted excluding domain), refund account numbers (encrypted), and passwords (one-way encrypted). Tving has 13 million paid and free members.
CI is an 88-byte unique string introduced to identify individuals online after the collection of resident registration numbers was banned. Even if a name or mobile phone number changes, the CI value remains the same. Jihyang argued that the CI leak has exposed users to a permanent fear of secondary crimes.
The Personal Information Protection Commission is determining the specific circumstances of the leak and the scale of the damage.