"Concealment or Incompetence?" KT Faces Intense Criticism... CEO Kim Youngseop Responds to Calls for Resignation: "Resolving the Situation Comes First" (Comprehensive)

KT has admitted to inadequate management of femtocells, ultra-small base stations suspected of being used in unauthorized micro-payment incidents. KT announced that it is investigating damages across all micro-payment authentication methods, including SMS. The company is also actively considering waiving penalties for a select group of customers whose personal information was leaked.

On September 24, Kim Youngseop, CEO of KT, appeared as a witness at the National Assembly's Science, Technology, Information, Broadcasting, and Communications Committee hearing on the KT and Lotte Card hacking incidents. He stated, "Upon reviewing the management of femtocells after the micro-payment incident, we found many loopholes and poor oversight," adding, "After the incident, we took measures to prevent illegal femtocells from connecting to the network."

Kim Youngseop, CEO of KT, is responding to lawmakers' questions at a hearing on large-scale hacking incidents in telecommunications and finance held by the National Assembly's Science, Technology, Information and Broadcasting and Communications Committee on the 24th. On the left is Cho Jwajin, CEO of Lotte Card. 2025.9.24 Photo by Kim Hyunmin

In response to People Power Party lawmaker Lee Sanghui's assertion that inadequate femtocell management was the cause of the incident, CEO Kim acknowledged this and bowed his head. It was revealed that the installation and management of KT's femtocells are handled by subcontractors. According to materials disclosed at the hearing, KT had previously set the femtocell authentication period at 10 years but reduced it to one month after the incident. SK Telecom requires authentication every time femtocell equipment is rebooted, while LG Uplus has a two-year authentication period, but if there is no traffic for more than 30 days, the power is shut off.

Kim also expressed the company's intention to assess the scale of damages for customers who suffered losses through authentication methods other than ARS, such as SMS. When Democratic Party lawmaker Hwang Jeonga pointed out that KT was passively investigating damages based only on ARS authentication, CEO Kim responded, "The analysis initially focused on ARS because it takes time, but we are now analyzing data on all authentication methods, including SMS," indicating plans to expand the scope of the investigation.

However, CEO Kim avoided directly answering repeated calls from lawmakers to take responsibility and step down. He said, "It is inappropriate to discuss resignation at this time," adding, "Our priority should be to do our utmost to resolve this situation."

In response to Democratic Party lawmaker Han Minsu's request to consider waiving penalties for departing customers, Kim replied, "We are actively reviewing penalty waivers for the 20,030 customers whose personal information was leaked." When Han suggested that the penalty waiver should be extended to all customers, Kim answered, "We will make a decision based on the final investigation results."

Addressing suspicions of a cover-up that arose in the early stages of the incident regarding server disposal and reporting timelines, CEO Kim admitted, "There were issues during the fact-checking process," but explained, "While there were inappropriate or insufficient aspects in various handling processes, there was no organized intent to conceal."

On September 24, at the hearing on the large-scale hacking incidents in telecommunications and finance held by the National Assembly Science, Technology, Information and Broadcasting and Communications Committee, Chairperson Minhee Choi is striking the gavel. 2025.9.24 Photo by Hyunmin Kim

Lawmakers from both the ruling and opposition parties on the committee sharply criticized KT and related agencies. One lawmaker said, "It is shameful for KT to even use the name of a national key communications network," insisting that "all executives involved, including CEO Kim, should resign." The lawmaker further stated, "The public is anxious and concerned, yet you are trying to downplay and conceal the incident. This is deceiving the entire nation."

Democratic Party lawmaker Hwang Jeonga displayed a photo of a KT agency's advertisement from last April during the SKT USIM hacking incident, which read, 'Come to KT, safe from hacking,' and criticized, "Aren't you ashamed? KT, which once made such claims, is now only repeating falsehoods, manipulation, concealment, and minimization regarding its own hacking incident." She also pointed out that the unauthorized micro-payment damages at KT were belatedly revealed to have occurred in Seoul's Seocho and Dongjak districts, as well as Goyang in Gyeonggi Province, saying, "If this is not concealment, then it is incompetence. Even a small shop wouldn't handle things this poorly."

People Power Party lawmaker Park Junghoon also commented, "Watching this situation unfold, I truly feel that KT's organizational culture is disappointing," adding, "This could have been easily prevented. There were plenty of warning signs, but they were all ignored." He also referred to KT's transition from the former state-owned Korea Telecom to privatization, remarking, "It seems the bureaucratic mindset still persists even after KT's privatization."

People Power Party lawmaker Kim Jangkyum pointed out that Minister Bae Kyunghoon of the Ministry of Science and ICT was on a business trip to the United States, questioning, "Does he not understand the seriousness of the situation? Shouldn't he be present at such a critical hearing?" However, Committee Chairperson Minhee Choi of the Democratic Party explained, "Minister Bae is currently accompanying the President on a United Nations schedule and is attending to important duties."

Democratic Party lawmaker Noh Jongmyeon also criticized KT for only taking action to assess the situation after seven internal contacts, despite being notified of the damages by the police at the onset of the incident, saying, "This is just passing the buck. Are you claiming you missed it because of heavy workload?" He further urged, "Even now, KT should honestly admit to concealment and minimization, apologize, and pledge to prevent recurrence."

Ryu Jemyoung, Second Vice Minister of Science and ICT, responded to People Power Party lawmaker Park Junghoon's question about whether there is still a risk, despite KT's claim that key personal information needed to generate cloned phones, such as authentication keys, was not leaked in the hacking, by saying, "We will closely examine those aspects." He added, "KT reported that the authentication keys were not leaked, but we will thoroughly investigate this through the joint public-private investigation team without relying solely on KT's statements."

Kim Seungjoo, a professor at Korea University's Graduate School of Information Security who attended as a reference, advised, "Just as the national agenda includes the three-axis defense system (detection, defense, neutralization), we should consider how to establish a similar three-axis system in the field of cybersecurity."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.