NCsoft sued over identity theft
by Jennie Lees 
{ Mar 2nd 2006 at 8:00PM }
In South Korea, people whose
identities were stolen and used to register accounts on Lineage and Lineage II plan to take legal
action against NCsoft. Despite the theft not originating with NCsoft, lawyers appear to have found a convenient target
for the blame.The lawsuit doesn't appear to be taking off, with only 100 plaintiffs paying the $1 fee to join; the suit is being filed on behalf of more than 230,000 people. It looks to be more scare-tactics than a valid lawsuit, but with $230m at stake, if it gets going it may become frightening indeed.
[via digg]
Get a WordPress.com Blog
Reader Comments (Page 1 of 1)
w00gy @ Mar 2nd 2006 8:26PM
This is stupid.
If my credit card gets stolen and the thief buys an Xbox 360 I should sue Best Buy?
Snap @ Mar 2nd 2006 9:14PM
Well, theft is certainly stupid. Credit cards do have some security though, in that there is a signature on the back. So when you sign that little transaction slip at the end of the transaction if the signatures don't reasonably match, you dont finish the transaction. The only problem is retailers 99% of the time don't look at the signatures. So if someone steals my card and buys a 360 from BB and I find out that signature doesn't match mine, I most certainly would raise hell with BB and I am sure my credit card company would too.
Snap @ Mar 2nd 2006 9:57PM
Of course online purchases are a different story....
Lineage 2 Forums @ Mar 3rd 2006 1:59AM
Hmm, NCSoft is known for not doing much if your account info is stolen or whatever. Maybe the Koreans were finally sick and tired of the bs.
LaughingTarget @ Mar 3rd 2006 4:32AM
Best Buy has an out because they use those electronic signature pads, and your signature never matches when using those things.
Anyway, $1 to join a class action suit? Sounds fishy, even if only $1. Sounds like some con artists trying to do a large scale bilk, and taking only $1 from each individual will make it easier to get away with.
T.H. @ Mar 15th 2006 2:17AM
Firstly, it is important to note that we are not talking about credit card fraud in the instant case. What is being argued, and actioned against, is the failure to maintain security standards to protect identifying information maintained on NCSoft servers. This information contains an individual’s identity details, such as date of birth, residence, and most importantly their Personal Identification Number attached to their individual government issued ID’s. This number would be equated to a person’s Social Security Number in the USA. We are talking about Identity theft.
To use the OP’s original argument about Best Buy… if you applied for a Best Buy credit card – and your application (containing all your information) was not stored securely by Best Buy and was stolen from the company Best Buy would be accountable. Would you not sue Best Buy for not instituting the proper procedures necessary for safeguarding your personal information.
NCSoft is claiming that they are not liable because the accounts were maintained “In good faith.” Good faith does not excuse a company from liability stemming from negligence.
You’re right. Players are starting to make gaming companies more liable for their actions. It is about time. Account terminations, banning, bugs, and exploits are technically breeches of player / provider contracts validated through monetary exchange.
The age of providers (NCSoft) and GM’s that maintain the “We are Gods” mentality and terminating accounts and failing to fix reported bugs – will soon come to an end. There will be repercussions for their actions and they will have to learn to be accountable to their players.
Fail to fix a known exploit that severely impacts game-play like the current Raid Boss/ Pet exploit = get sued.
Terminate an account because a player PK’d a GM’s friend = get sued.
Fail to securely store players personal information = get sued.
Up to this point, there has been no accountability in the industry. Hopefully, this will start the wave which will change that notion.
T.H. @ Mar 15th 2006 2:18AM
Firstly, it is important to note that we are not talking about credit card fraud in the instant case. What is being argued, and actioned against, is the failure to maintain security standards to protect identifying information maintained on NCSoft servers. This information contains an individual’s identity details, such as date of birth, residence, and most importantly their Personal Identification Number attached to their individual government issued ID’s. This number would be equated to a person’s Social Security Number in the USA. We are talking about Identity theft.
To use the OP’s original argument about Best Buy… if you applied for a Best Buy credit card – and your application (containing all your information) was not stored securely by Best Buy and was stolen from the company Best Buy would be accountable. Would you not sue Best Buy for not instituting the proper procedures necessary for safeguarding your personal information.
NCSoft is claiming that they are not liable because the accounts were maintained “In good faith.” Good faith does not excuse a company from liability stemming from negligence.
You’re right. Players are starting to make gaming companies more liable for their actions. It is about time. Account terminations, banning, bugs, and exploits are technically breeches of player / provider contracts validated through monetary exchange.
The age of providers (NCSoft) and GM’s that maintain the “We are Gods” mentality and terminating accounts and failing to fix reported bugs – will soon come to an end. There will be repercussions for their actions and they will have to learn to be accountable to their players.
Fail to fix a known exploit that severely impacts game-play like the current Raid Boss/ Pet exploit = get sued.
Terminate an account because a player PK’d a GM’s friend = get sued.
Fail to securely store players personal information = get sued.
Up to this point, there has been no accountability in the industry. Hopefully, this will start the wave which will change that notion.
jennie @ Mar 15th 2006 7:55AM
T.H., I think the case is slightly different here. From what I can see, the numbers were stolen elsewhere, and then used to register NCsoft accounts. It's the equivalent of needing your social security number to sign up for an account. If your social security number got stolen from Best Buy, and then used to register a game account, then who's liable? The company running the game, or the weak link where the data was stolen?
T.H. @ Mar 15th 2006 9:49PM
Jennie,
The assumption is incorrect. The numbers where directly stolen from the NCSoft servers, via hacking.
Somewhere there was some misinformation fed into the story to try to make the details confusing. No less probably orginating from NCSoft directly in an attempt to diffuse the situation.
To address your question: If your S.S.N. was stolen from records maintained by BestBuy, and used to open a credit card account at Walmart, you would sue BestBuy for failure to securely maintain those records - not Walmart.
Walmart could have shared liability, for failure to validate and authenticate the information, but this would be harder to action against. You have to go after the root source.
If your described scenario was indeed the case, then agreed - NCSoft would only have limited liability, and if argued effectively would not be liable. You would go after where the information was stolen from... but that is not the case.
The information was stolen from NCSoft servers and used to create new game accounts as well as a host of other illegal activities at hundreds of other services that require personal identifing information in order to obtain services, products, and credit.
This is where I think the confusion comes from, and somewhere got turned around.
NCSoft will have a hard time getting out of this one. And it is about time, as previously stated. Gaming companies need to overtly state their policies across all operations from GM to security - and then be held equally accountable for them.
jennie @ Mar 16th 2006 7:28AM
Thanks for the clarification T.H.; I'll look into that more, do you have an URL backing up this version of events? All I've found seems to only point to the numbers being "hacked", without further details where from, but understandably it might be a cover-up :)