위자료
1. The defendant's appeal is dismissed.
2. The costs of appeal shall be borne by the Defendant.
Purport of claim and appeal
1..
1. Facts of recognition;
A. The Defendant is a provider of information and communications services under the former Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. (Amended by Act No. 14080, Mar. 22, 2016; hereinafter “Information and Communications Network Act”), and operates an online community site “C” (D; hereinafter “instant site”).
On February 20, 2013, the Plaintiff joined the instant website as a member.
B. At around 01:04-02:10 on September 11, 2015, 2015, the hacker’s identity unknown leaked approximately KRW 1.95 million of the Defendant’s member information stored in the database (DB) server through an attack on cyber attack techniques, which manipulates data desired to be hacker from the database and leaks out from the database.
(hereinafter “instant accident”). The leaked membership information (including the Plaintiff’s membership information) is a member’s ID, encrypted password, date of birth, e-mail, off-mail, off-crypt, password, the date of entry, and the membership score (e-mail).
(c) The Korea Communications Commission shall organize a joint private-public investigation group and investigate the actual status of the handling and operation of the Plaintiff’s personal information from September 12, 2015 to October 8, 2015. On December 29, 2015, Articles 28(1)2, 3, and 4-28(1) of the Information and Communications Network Act, such as failure to install a access control device, failure to keep access records, failure to store access records, and shortage of encryption, etc. (1) If a provider of information and communications services handles personal information, he/she shall take the following technical and administrative measures in accordance with the guidelines prescribed by Presidential Decree to prevent the loss, theft, leakage, alteration, or damage of personal information:
1. Establishment and implementation of an internal management plan for the safe handling of personal information;
2. Access control devices, such as a system for blocking intrusion to block illegal access to personal information;