KT Identifies Additional Breach Signs: "Server Not Yet Specified, Personal Data Leak Under Investigation" (Comprehensive)

"We Were Unaware Before the Micropayment Damage Briefing"
"Company-wide Inspection from May to September Revealed Four Server Breach Traces, Two Suspicious Cases"

Gu Jehyung, Head of KT Network Technology Headquarters, is answering questions from the press at the joint briefing by the Ministry of Science and ICT and the Financial Services Commission for hacking response held at the Government Seoul Office in Jongno-gu, Seoul on September 19, 2025. Photo by Jo Yongjun

Amid the ongoing hacking incident involving illegal micro base stations (femtocells) and small-amount payment systems, KT identified new signs of a security breach and reported them to the Korea Internet & Security Agency (KISA) on the night of September 18. This was separate from the second briefing held earlier that day, which announced an increase in the scale of damages; the new findings were uncovered through an external security inspection. Following the 'fake base station' incident, evidence now suggests that even KT's servers have been compromised, raising concerns about the potential spread of damage.


At a briefing on September 19, Ryu Jemyoung, Second Vice Minister of Science and ICT, stated, "KT conducted a company-wide security inspection through an external security firm from May to September 15 and, after reviewing the report, notified the government of a security breach at 11:57 p.m. on the 18th." He added, "It has not yet been determined which server was affected, nor have the route or details of any personal information leaks been confirmed." KT reported four instances of server breach traces and two suspicious circumstances the previous day.


On the afternoon of September 18, KT held a second briefing regarding the small-amount payment damage, revising the number of affected customers from 278 to 362 and the amount of damage from 170 million won to approximately 240 million won. However, just hours later, KT reported additional breach signs, drawing criticism for a "delayed response." In response, Gu Jehyung, Head of KT Network Technology Headquarters, explained, "The illegal breach and marketing departments handled the small-amount payment cases, while the security inspection was conducted separately by the Chief Information Security Officer (CISO) organization. Due to the lack of connection between departments, we only became aware of the situation together on the evening of the 18th and did not know about it before the second briefing." It has not yet been confirmed whether this additional breach is related to the small-amount payment incident.


Regarding the small-amount payment damages, KT has identified 362 victims out of approximately 20,000 customers exposed to illegal base stations, with total damages amounting to about 240 million won. For affected customers, KT is providing bill cancellations and free USIM card replacements. Vice Minister Ryu stated, "The first illegal base station was identified on June 26, and while the possibility of discovering additional IDs is low, we will thoroughly investigate the potential for further damage through forensic and scenario analysis." Gu Jehyung added, "No additional damages have occurred since 3 p.m. on September 5."


This incident has also brought corporate security structures into question. In response to concerns that having the same person serve as both Chief Information Security Officer (CISO) and Chief Privacy Officer (CPO) may have contributed to the incident, Vice Minister Ryu said, "The CISO should report directly to the Chief Executive Officer (CEO) and be able to independently report to the board of directors. We will encourage improvements in corporate security decision-making structures."


The government has classified this incident, along with the recent series of telecommunications and financial hacking cases, as a serious issue undermining public trust and has vowed a strong response. The Ministry of Science and ICT will conduct a fundamental review of the current security system, establish comprehensive countermeasures, impose fines for delayed or unreported incidents, and institutionalize government-led investigations.


© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
