KT Detected Server Breach on the 15th, But Reported Three Days Later
Failed to Comply with 24-Hour Reporting Obligation
Concerns Over Possible Leak of Authentication Keys Needed to Create Cloned Phones
Lotte Card and KT officials are attending the joint briefing by the Ministry of Science and ICT and the Financial Services Commission for hacking response held at the Government Seoul Office in Jongno-gu, Seoul on September 19, 2025. Photo by Jo Yongjun
Following the unauthorized small payment incidents at KT, it has been additionally confirmed that the company's servers were also breached by hackers. KT’s delayed reporting has once again come under scrutiny. Although KT became aware of the server breach on the 15th, it was not until the night of the 18th-three days later-that the company belatedly notified the authorities, thereby violating the regulation that requires reporting within 24 hours.
According to the Korea Internet & Security Agency (KISA) incident report obtained by Assemblywoman Choi Sujin, a member of the National Assembly's Science, ICT, Broadcasting, and Communications Committee, KT first detected the server breach at 2 p.m. on the 15th. However, the actual report was not filed until 11:57 p.m. on the 18th. Under relevant laws, companies are required to report hacking incidents within 24 hours of first discovery, but KT failed to comply with this requirement.
On the morning of the 19th, KT distributed a press release stating, "We have reported four cases of server breach traces and two suspicious circumstances to KISA." The company further explained, "After this year's hacking incidents at telecommunications companies, we commissioned an external security firm to conduct a comprehensive investigation of all company servers over approximately four months. We confirmed the breach circumstances through the resulting report."
KT held a second briefing on the unauthorized small payment incidents the previous day, but at that time, the company did not disclose any information about the server breach.
After criticism arose over the failure to disclose the server breach at the previous day’s press conference-despite having detected it on the 15th-Koo Jaehyung, Head of KT’s Network Technology Division, explained, "The small payment incidents are being handled by the network and marketing departments, while the server inspection is being conducted separately by the Chief Information Security Officer (CISO), so there was no interconnection." He cited "lack of internal communication" as the reason for the delayed reporting, but both industry insiders and outsiders have raised doubts about this explanation.
Even after the discovery of both unauthorized small payment incidents and server breaches, the government joint briefing on cyber incidents held on the morning of the 19th was marked by a passive response, making it difficult for KT to avoid criticism for its delayed handling. As the response continues to lag, the scale of the damage and the extent of personal information leaks are steadily increasing. According to KT, the number of victims of unauthorized payments has grown from 278 to 362, and the amount of damage has increased from 170 million won to 240 million won.
With the server breach confirmed, there are concerns not only about the leakage of subscriber identification information (IMSI) and international mobile equipment identity numbers (IMEI), but also about the possible exposure of authentication keys needed to create cloned phones. However, KT has dismissed these concerns. When asked about the possibility of cloned phones at the briefing, Koo stated, "There is no such possibility," but regarding the information leaked from the server, he said, "We reported it last night, so we will have to wait for the results of the joint investigation team."
Ryu Jemyung, Vice Minister of Science and ICT (right), and Kwon Daeyoung, Vice Chairman of the Financial Services Commission, greet each other while attending the joint briefing between the Ministry of Science and ICT and the Financial Services Commission for hacking response at the Government Seoul Office in Jongno-gu, Seoul on the 19th. Representatives from Lotte Card and KT were present at the briefing to answer questions from the press. September 19, 2025. Photo by Jo Yongjun
After the SK Telecom hacking incident, hacking damages have rapidly spread from KT to Lotte Card as well, but there are criticisms that the government response remains lukewarm. On the morning of the 19th, the Ministry of Science and ICT and the Financial Services Commission held an emergency joint briefing and announced countermeasures to prevent further hacking, but critics argue that these measures do not go significantly beyond previous announcements.
The Ministry of Science and ICT stated that it will focus on minimizing hacking damages in cooperation with related ministries, with the National Security Office taking the lead. Ryu Jemyung, the Second Vice Minister of the Ministry of Science and ICT, said, "With the National Security Office at the center, the Ministry of Science and ICT, the Financial Services Commission, the National Intelligence Service, the Personal Information Protection Commission, and other relevant departments are discussing the issue together," adding, "A comprehensive government response is being devised through inter-ministerial meetings led by the National Security Office, considering both overall and sector-specific countermeasures."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
