Damages Spread Beyond Previously Reported Areas
It was belatedly discovered that unauthorized micro-payment fraud involving KT occurred not only in the previously reported areas of Gwangmyeong, Bucheon, and Gwacheon in Gyeonggi Province, Geumcheon and Yeongdeungpo in Seoul, and Bupyeong in Incheon, but also in Seocho-gu and Dongjak-gu in Seoul, and Ilsandong-gu in Goyang, Gyeonggi Province.
According to data on affected regions, based on authentication timestamps submitted by KT to Assemblywoman Hwang Jeonga of the National Assembly's Science, ICT, Broadcasting and Communications Committee on September 21, areas such as Dongjak-gu and Seocho-gu in Seoul, and Ilsandong-gu in Goyang were also included in addition to the previously known locations.
Between August 5 and 8, the period KT identified as the initial time of the incidents, 15 people in Dongjak-gu, Gwanak-gu, and Yeongdeungpo-gu in Seoul suffered losses totaling 9.62 million won across 26 unauthorized transactions. The perpetrators then targeted Seocho-gu in Seoul on August 8 and 11 (skipping the weekend), causing six unauthorized micro-payment incidents affecting three people, with total damages of 2.27 million won. Subsequently, the fraud occurred in Gwangmyeong, Gyeonggi Province on August 12-13, Geumcheon-gu, Seoul on August 15, Ilsandong-gu, Goyang, Gyeonggi Province on August 20, and Gwacheon, Gyeonggi Province on August 21. After a four-day hiatus, from August 26, as previously reported, the fraud continued in Geumcheon-gu, Gwangmyeong, Sosa-gu in Bucheon, Gyeonggi Province, and Bupyeong-gu in Incheon.
Assemblywoman Hwang criticized, "If KT had released more specific information about the locations and timing of the incidents sooner, it would have greatly aided the investigation. It is difficult to understand why KT is only now disclosing key information in such a piecemeal manner."
Furthermore, it was found that even on September 4 and 5, when the KT unauthorized micro-payment incident was first reported, there were nearly 100 unauthorized transactions, indicating that a significant number of unauthorized micro-payments occurred right up until the abnormal payment attempts were blocked. On September 4, the first day the incident became known, 36 users suffered 83 cases of unauthorized transactions totaling 24.99 million won, and on September 5, 11 people were affected in 14 cases totaling 5.5 million won.
Previously, KT reported to the National Assembly that there were no cases of damage on September 4 and 5, but in its first announcement, the company counted 278 victims. This was later revised to 362 victims after including the cases from September 4 and 5. The number of incidents also increased from 527 in the initial count to 764. KT stated, "Since abnormal micro-payment attempts were blocked early in the morning on September 5, there have been no further unauthorized micro-payment incidents."
There are criticisms that the continued expansion of reported KT damages is due to the company's arbitrary and passive response, which has been limited to handling only cases involving Automated Response System (ARS) calls. KT has only focused on cases where hackers intercepted ARS signals that should have been sent to victims' mobile phones and succeeded in unauthorized micro-payments, thus counting damages solely based on ARS reception circumstances.
Assemblywoman Hwang stated, "The more the full scope of the KT hacking incident is revealed, the clearer it becomes that KT has only offered false excuses." She urged, "Even now, KT must directly notify all customers who have experienced micro-payments and conduct a comprehensive investigation into the damages." She further emphasized, "KT, which has repeatedly attempted to intentionally minimize and conceal the damages, should face even stronger sanctions and be compelled to compensate victims, more so than in the SKT case."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
