• KT Corp reported a potential data breach to the South Korean authorities last week after its mobile network infrastructure was compromised
• Now it has confirmed the details and magnitude of that incident
• It has also now reported multiple incidents of internal server intrusion

A cybersecurity cloud is casting an ever darker shadow over South Korean operator KT Corp which, only a week after reporting that its hackers had likely stolen subscriber information after managing to connect illegal mini base stations to the operator’s network, has now admitted that its internal servers have also been compromised on a number of occasions. 

KT became the second South Korean mobile operator this year to report a cybersecurity breach to the country’s authorities when it reported on 10 September that 5,561 customers may have had their data stolen by hackers who compromised the operator’s radio access network (RAN) and illegally gathered subscriber information. That information was then used to make fraudulent micropayments – see South Korea’s KT admits data breach.

The news was a hammer blow for the country’s mobile sector, as earlier this year, SK Telecom reported a disastrous data breach that affected more than 23 million customers and led to the imposition of financial penalties. 

Now KT has confirmed to South Korea’s data protection regulator, the Personal Information Protection Commission (PIPC), that the scale of its mini base station-related breach affected 20,030 of KT’s mobile customers, who had their international mobile subscriber identity (IMSI) information – which is stored on users’ mobile phone SIM cards and which identifies subscribers for authentication and authorisation purposes – as well as their device identification numbers (IMEI) and mobile phone numbers stolen. 

In a statement (in Korean), the PIPC noted that it began its investigation into KT’s breach on 10 September and that it is “currently verifying the specific circumstances of the leak, the extent of the damage, and compliance with safety measures.” It added, “If any violations of the law are discovered… disposition will be taken in accordance with relevant laws and regulations.” 

And in a separate submission to the authorities, KT informed the Korea Internet & Security Agency (KISA) late on Thursday evening that it has discovered evidence of “cyber intrusion” of its internal servers. According to the JoongAng Daily, following a four-month investigation, KT reported four instances of server intrusion and noted two other “suspicious” events. 

“We will fully cooperate with the government investigation to swiftly identify the compromised servers and do our utmost to determine the cause and extent of the breach,” KT said in a statement.

According to the Yonhap news agency, the submission of the report to KISA came only hours after KT had participated in a press conference to provide an update on the illegal mini base station-related data breach, with the telco claiming it wasn’t aware of the server breach until after that media briefing. 

- Ray Le Maistre, Editorial Director, TelecomTV