Requested by Chairperson Minhee Choi's Office... Legislative Research Office Responds
Analysis: "Likely to Be Judged in the Same Framework as the SKT Incident"
There is analysis suggesting that KT, which experienced incidents of small-amount payment fraud, could also implement customer penalty waiver measures similar to SK Telecom.
At the hearing on the large-scale hacking incident in telecommunications and finance held by the National Assembly's Science, Technology, Information, Broadcasting, and Communications Committee, Youngseop Kim, CEO of KT, is submitting a written oath to Chairperson Minhee Choi. 2025.9.24 Photo by Hyunmin Kim
According to the National Assembly on October 5, the Legislative Research Office submitted a written response to Chairperson Minhee Choi of the Science, Technology, Information, Broadcasting, and Communications Committee, stating, "There are grounds for penalty waivers from the perspective of attributable responsibility."
Previously, Chairperson Choi had requested the Legislative Research Office to investigate whether KT customers could be exempted from penalties based on the circumstances of the incident revealed so far.
Chairperson Choi also inquired whether the company could be held responsible for causing anxiety among users, even if no financial loss or personal information leakage had been confirmed. The Legislative Research Office replied, "It is likely to be judged in the same framework as the SKT incident."
Regarding negligence in the security breach, the office cited the following as grounds: inadequate management of ultra-small base stations such as femtocells; delayed response despite police notification; and initial denial followed by later admission of personal information leakage.
On the question of whether KT violated its primary obligations in providing telecommunications services to users, the office cited the directness of financial damage and the possibility of further personal information leakage as reasons for determining that KT had breached its 'primary obligations.' This, they noted, could be seen as grounds for penalty waivers.
The office pointed out that, unlike the SKT hacking incident, the KT small-amount payment fraud involved direct financial damage occurring after the initial personal information leakage, making the impact more direct than in the SKT case.
However, they added that, compared to SKT, which saw 26.96 million subscriber identification numbers (IMSI) leaked, the KT incident involved only 20,030 cases of suspected leakage as of September 18, making the scale relatively smaller. Furthermore, the fact that KT did not actually bill customers for the small-amount payment damages and instead implemented waivers could be grounds for assessing the risk as lower.
Chairperson Choi stated, "During the SKT hacking incident, not only were penalty waivers granted according to the terms and conditions, but additional compensation such as fee discounts was also provided. Since KT's negligence has already been clearly revealed, and the cause of the hacking has yet to be identified, leaving users' anxiety unresolved, KT management must prepare both a penalty waiver and an additional compensation plan."
She continued, "The Ministry of Science and ICT should also actively consider penalty waivers in light of the seriousness of the KT hacking damages," urging a prompt review.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
