All appeals are dismissed.

The costs of appeal are assessed against the plaintiffs.

The grounds of appeal are examined.

1.(a)

Pursuant to Article 28(1) of the former Act on Promotion of Information and Communications Network Utilization and Information Protection, Etc. (amended by Act No. 11322, Feb. 17, 2012; hereinafter “former Information and Communications Network Act”), when a provider of information and communications services handles personal information, he/she shall establish and implement an internal management plan to safely handle personal information in accordance with the standards prescribed by Presidential Decree in order to prevent the loss, theft, leakage, alteration or damage of such information, install and operate an access control device, such as a system to block intrusion to block illegal access to personal information, ③ take measures to prevent forgery or alteration of access records, ④ take measures to prevent intrusion by computer viruses such as the installation and operation of encrypted software, ⑤ take technical and administrative measures, such as protective measures necessary to ensure the safety of personal information.

Therefore, the provider of information and communications services is legally obligated to take technical and administrative measures necessary to ensure the safety of personal information as stipulated in Article 28(1) of the former Information and Communications Network Act.

If a provider of information and communications services, upon entering into a contract for the use of information and communications services with a user who intends to use it, requested the user to provide essential member information, such as personal information, through the terms and conditions of use, etc., the provider of information and communications services is obligated under the contract for the use of information and communications services to take necessary protective measures to prevent loss, theft,

B. On the basis of Article 28(1) of the former Information and Communications Network Act and contracts for the use of information and communications services.