• South Korea’s mobile sector is in the cybersecurity spotlight again
• KT Corp has confirmed the potential leak of subscriber data impacting more than 5,000 customers 
• The news comes in the wake of SK Telecom’s major data breach 

KT Corp has become the second South Korean mobile operator this year to report a cybersecurity breach to the country’s data protection authorities, with the operator confirming on Thursday that 5,561 customers may have had their subscriber data stolen by hackers. 

While the reported breach is nowhere near the magnitude of SK Telecom’s disastrous data breach, which affected more than 23 million customers and has led to the imposition of financial penalties on SKT, KT’s cybersecurity incident will weigh heavily on the country’s mobile sector and have the nation wondering if the country’s telcos can be trusted to protect their data.

KT confirmed during a press conference held on Thursday that the personal data of 5,561 customers may have been stolen by hackers who managed to connect illegal mini base stations to KT’s network and intercept mobile customer transmissions. According to the operator, about 19,000 KT customers connected to the illegal base stations but only some of them had their personal data compromised.  

The operator reported to South Korea’s data protection regulator, the Personal Information Protection Commission (PIPC), that international mobile subscriber identity (IMSI) information, which is stored on users’ mobile phone SIM cards and which identifies subscribers for authentication and authorisation purposes, might have been leaked via the illegal microsites. 

The PIPC announced (in Korean) that it will “verify the specific circumstances of the leak, the extent of the damage and compliance with safety measures, and will take action in accordance with relevant laws and regulations if any violations are discovered.” 

KT said it has contacted all 19,000 affected customers and will replace their SIM cards and provide a USIM protection service, all free of charge. 

While the language being used to describe the breach is cautious, there seems little doubt that the hackers have not only stolen the customer data but are now using it to make fraudulent micropayments: According to the Yonhap news agency, impacted KT customers have logged 278 cases of unauthorised mobile payments worth 170m won ($122,000) with the Korean authorities.  

According to Business Korea, KT’s CEO Kim Young-seop told the press conference: “I stand here with a heavy heart to apologise for causing great anxiety and concern due to the recent small payment damage incident. I sincerely apologise to the public, customers and relevant agencies for causing worry, and I bow my head in apology to the affected customers. We are identifying the cause of the incident with the relevant authorities and are taking technical measures to prevent additional damage by mobilising all our capabilities. We will devise a 100% compensation plan for affected customers. We will fulfill our obligations and role as a telecommunications company.”

Following SK Telecom’s major breach, which was first announced in April this year, the company announced a $514m investment in new security systems and processes as part of its Accountability and Commitment Program, which was launched to “rebuild customer trust”. 

Then, in mid-July, KT pledged to invest more than 1 trillion won ($730m) over the next five years on its cybersecurity defences, while in late July LG Uplus, the country’s third major mobile operator, issued a press release (in Korean) to say it would invest 700bn won ($504m) over the next five years in its “information security” systems as it unveiled its “security-first strategy”. 

- Ray Le Maistre, Editorial Director, TelecomTV