Fri, Mar 02, 2018 - Page 1 News List

First class-action lawsuit over privacy breach filed

BAD HABITS:The nation’s status as an exporter of fraud is a national disgrace, and its cause is chronically poor data security practices, the Consumers’ Foundation said

By Chen Yi-chia and Jonathan Chin  /  Staff reporter, with staff writer

Consumers’ Foundation chairman Yu Kai-hsiung speaks outside of the Shilin District Court in Taipei yesterday as the foundation filed the nation’s first class-action lawsuit over a contravention of the Personal Information Protection Act.

Photo: Chen Yi-chia, Taipei Times

The Consumers’ Foundation yesterday filed the nation’s first class-action lawsuit over contraventions of the Personal Information Protection Act (個人資料保護法) against Lion Travel Service Co (雄獅旅行社).

In May last year, an estimated 360,000 Lion Travel Service transactions were compromised following an alleged cyberattack that originated abroad, the foundation said, adding that the firm’s handling of information security was “manifestly negligent.”

Personal information obtained via the hack was then utilized by fraudsters to target at least 24 people, resulting in NT$3.16 million (US$107,784 at the current exchange rate) in financial losses, including one person who lost NT$680,000, it said.

The hack compromised transaction records that included names, telephone numbers and products purchased by the company’s clients, it said.

The foundation said that it had negotiated with the firm to settle disputes on behalf of victims, but the travel agency was unwilling to pay compensation beyond issuing rebate certificates worth NT$2,000.

Lion Travel Service has said that it has no obligation to the victims, because there was no deliberate leak of personal data, and its firewall and certification systems meet the standards of due diligence, the foundation said.

The foundation’s class-action lawsuit asks for NT$3.64 million in compensation, including verified financial losses and NT$20,000 for the distress caused to each client whose private data was exposed, it said.

Lion Travel Service should have provided better data security in light of its high brand-name recognition and its profitability, the foundation said, adding that the firm last year reported annual revenue of NT$26.78 billion.

The nation’s status as an exporter of fraud is a national disgrace, and its cause is chronically and endemically poor data security practices, foundation chairman Yu Kai-hsiung (游開雄) said.

The act, passed in 1995, has not been followed in practice by the government or private entities, he said.

“Data security breaches have been reported at the Ministry of Foreign Affairs, the Taipei City Government and many private enterprises,” Yu said. “The nation’s personal data protection is weak and most consumers have become numb to the lack of information safety.”

“This situation should not exist and it is not normal,” Yu said, adding that corporations frequently shift the blame for the results of their bad practices onto hackers.

Lion Travel Service yesterday issued a statement saying that the leak of data was the result of a malicious attack on its systems by foreign hackers and that it has not intentionally compromised the personal information of its clients.

“The Consumers’ Foundation has failed to substantively investigate the data security practices of this company, and has made reckless accusations that we did not follow laws and regulations, which has harmed our reputation,” it said.

Additional reporting by Hsiao Yu-hsin

This story has been viewed 10705 times.

Comments will be moderated. Keep comments relevant to the article. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned. Final decision will be at the discretion of the Taipei Times.

TOP top