In this era of digitalization, it is difficult for any individual, organization or government to protect all information and data they handle ― just as it is impossible to live without traffic accidents unless we go back to the pre-automobile age.

So while we may be outraged and frustrated by cases of leaks or theft of information ― like those which hit three major credit card firms last year ― we tend to say that we should brace for more.

But the data leaks ― in fact, illegal gathering and selling of customer information ― that happened at Homeplus leave us speechless.

The retailer, which runs more than 400 discount stores and supermarkets across the country, allegedly collected more than 7 million items of personal information through 11 in-store prize giveaways between the end of 2011 and July last year. Prosecutors said the company pocketed 14.8 billion won by selling the information to seven insurance firms.

Not surprisingly, the company had had no qualms about taking profits from data to which it had easier access ― that of their own registered customers. It allegedly earned 8.3 billion won from sales of over 16.9 million items of such information to insurance firms.

What’s unbelievable is that all this ― an obvious criminal act ― was committed not by some greedy, corrupt employees or hackers. The company, owned by U.K. retail giant Tesco, ran a unit dedicated to the illegal collection and sale of information of its customers and participants in the giveaways.

The “Insurance Service Team” had its own revenue target and it used the free giveaways as bait to acquire personal information. Unlike promotional giveaways at other companies, registration forms for the Homeplus events even required participants to provide information like birth dates, number of children and who they live with, which added value to the personal data.

Homeplus employees were prodded and given incentives to draw as many customers to the giveaways as possible. For instance, cashiers were given cash rewards ― 100 won per customer who signed up for the events. Employers of suppliers were also pressed to draw entrants to the events.

All things considered, it is not hard to believe that the retail giant was engaged in the illegal act under the direction of its top management.

The prosecution has indicted the company, its CEO, five former and sitting executives, and two insurance company officials. Given the nature and scope of the wrongdoing, they deserve heavy punishment.

Regardless of the legal punishment, Homeplus and its parent company Tesco ought to offer apologies and take due steps to compensate the customers whose information was breached.

If not, it could slip into a deeper crisis. Consumer activists and civic groups have already called for a boycott of Homeplus stores and a class action suit, which many support.

Authorities also need to look into the possibility that there may be similar cases in other businesses, not least retail outlets that frequently organize prize giveaways. Overall, the Homeplus case should remind us of the importance of watching out for illegal, improper use of information and data.