NCSoft Sued in South Korea for ID Theft

By Eric Goldman

NCSoft has been sued in South Korea for allowing users to improperly register Lineage/Lineage 2 accounts in other people’s official Korean ID number (I’m inferring this is similar to a social security number). More than 3,500 people have joined the class action so far, although the affected number is in the hundreds of thousands.

Based on this report, my understanding is that an organized crime ring stole a large number of Korean IDs from a third party shopping website, used those IDs to create Lineage accounts, used Chinese gold farmers to manufacture in-world wealth, and then converted that to physical-world wealth.

Assuming this is true, I don’t immediately understand how NCSoft could be liable to the people whose IDs were stolen. It’s not clear that NCSoft played any role in the initial ID theft, and so far the news reports indicate that the people whose IDs were stolen have not suffered any damage. If NCSoft had no role in the initial theft and the people whose IDs were stolen suffered no damages, I’m having a hard time seeing how this is NCSoft’s problem. Certainly, in the US, I can’t see how the plaintiffs in this situation could state a valid cause of action.

As a result, this lawsuit smells fishy. The organizers run a case auction service that matches victims with lawyers for all types of lawsuits. (From their website: “Case Auction is a bidding system of which clients find out lawyers to handle his/her case through the auction.”) Could this lawsuit just be a traffic driver for the website?

Alternatively, lawyers just may be trying to capitalize on consumer outrage. I’m inferring from news reports that NCSoft collected the ID number unnecessarily and consumers are ticked about the security breach and its possible implications (even if no damages were caused here). If the analogy is that an online service provider collected social security numbers are part of their authentication process, I see why some people would want answers about the necessity of such data collection. This article recaps some of the controversy.

Thanks to Matt Goeden for pointing this out. More coverage at Terra Nova.