KT servers breached following repeated microtransaction cases

KT, which has recently experienced repeated incidents of unauthorized microtransactions affecting subscribers, has confirmed signs of a breach on its own servers. As in the SK Telecom hacking case, there is a possibility that large amounts of subscriber personal information were exposed, which could have significant repercussions depending on the outcome of the investigation.

According to KT and the Ministry of Science and ICT on Sept. 19, the company reported four instances of server breach traces and two suspicious cases to the Korea Internet & Security Agency (KISA) at 11:57 p.m. the previous day. This means that traces of hacker access were found on the servers, or that some data on the servers had been deleted or damaged, raising suspicions of a hacking incident.

The breach was uncovered during a company-wide server investigation conducted by an external security firm to accurately assess the situation following the SK Telecom SIM hacking incident in April. The investigation lasted approximately four months.

There has also been controversy over KT’s delayed reporting of the server breach. According to a KISA incident report obtained by Choi Soo-jin, a lawmaker from the People Power Party serving on the National Assembly’s Science, ICT, Broadcasting and Communications Committee, KT noted the time it became aware of the breach as 2 p.m. on Sept. 15. The report was submitted three days after the company first learned of the incident.

On the morning of Sept. 19, the Ministry of Science and ICT and the Financial Services Commission held a joint briefing on cyber incidents affecting telecommunications and financial companies and outlined measures for future responses. The government said it plans to strengthen penalties, including fines, if companies intentionally delay or fail to report breaches. It also announced plans to introduce punitive charges to ensure that companies bear responsibility in proportion to the social impact of security incidents.

The National Assembly’s Science, ICT, Broadcasting and Communications Committee held a plenary session that morning and decided to conduct a hearing on the large-scale hacking incident on Sept. 24. KT CEO Kim Young-seop and others were named as witnesses. A presidential office official said regarding the repeated hacking incidents, “The presidential office is closely monitoring the situation and discussing necessary response measures,” adding, “We view the matter very seriously.”


김하경기자 whatsup@donga.com