By Kim Tong-hyung
Staff Reporter

The news keeps getting worse for Auction (www.auction.co.kr), eBay's local unit and the country's largest online retailer, which has become the face of Korean ineptitude in cyber security.

The company had struggled to recover from the fallout of a highly-publicized data theft case initially reported to involve 10.8 million of its customers, although is breathing a little easier when a recent court ruling saved it from a severe class-action payout.

However, Auction officials are now depressingly mumbling ''here we go again.'' The police announced Thursday that the Chinese hackers who breached the Auction's servers in 2008 took the information of more than 18.6 million people, not 10.8 million, basically taking the company's entire customer database.

Lawyers are on cue for another round of class-action lawsuits, looking for fresh plaintiffs among the newly eligible 7.8 million.

In his member-only Web community on Daum (www.daum.net), lawyer Park Jin-seok, who had pursued a class-action lawsuit against Auction, claimed that the recent police report defies some of the key arguments the company had made in court. .

''The police report and the claims of Auction are inconsistent,'' Park wrote, questioning whether Auction had been hiding the facts of its extra 7.8 million victims despite knowing about it much earlier.

''The police investigation records of Jan. 28 state that the number of Auction customers in the data theft case could be as many as 19.71 million. … Auction claims that it was recently notified about the additional 7.82 million victims, but it's hard to imagine the company not knowing about this during the investigation in 2008.''

The data stolen by the Chinese hackers included the names, IDs, home addresses and resident registration codes, Korea's equivalent to social security numbers, the police said.

An Auction spokesman denied the claims that the company deliberately tried to downplay the size of the incident.

''Based on the evidence gathered by the police investigation in February and April of 2008, only 10.81 million victims were confirmed. We were quick in our response to reduce the damages, including requiring our users to change their passwords,'' he said.

The country has been hit by a slew of privacy infringement cases, the latest involving the stealing of personal data of more than 20 million people subscribed to the online services of major retailer Shinsegae and I Love School (www.iloveschool.co.kr), a social media site.

This was the country's largest ever identity theft case, nearly double the 11 million GS Caltex customers who had their personal information stolen by employees at one of the refinery's subsidiaries in 2008.

thkim@koreatimes.co.kr