1.5 Billion Payment Transactions Reviewed
4 Trillion Connection Records Analyzed
Total of 20 Illegal Femtocell IDs Identified
"6 More Victims, 3.19 Million Won in Additional Losses"
KT announced on October 17 that, following a comprehensive review of payment and telecommunications records over the past year in connection with the recent unauthorized micro-payment incident, the number of illegal femtocell (small base station) IDs identified has increased from the previously known 4 to a total of 20, with 16 additional IDs discovered. Among these, suspected unauthorized micro-payment cases occurred from only one femtocell ID. The number of victims increased by 6 to a total of 368, and the additional damage amounted to 3.19 million won, bringing the cumulative losses to approximately 240 million won.
KT explained that, for this investigation, it thoroughly analyzed 1.5 billion telecommunications billing transactions and over 4 trillion connection records between mobile phones and base stations that occurred between August 1, 2024, and September 10, 2025, a period of about one year and two months.
KT tracked the scale of the damage by cross-verifying illegal femtocell ID access histories with all payment data. As a result, in addition to the four previously identified illegal femtocell IDs, 16 new illegal femtocell IDs were discovered, and the number of customers who accessed these IDs increased by about 2,200, totaling approximately 22,200 people.
However, it was found that suspected unauthorized micro-payment cases were limited to only one of the newly discovered femtocell IDs. No abnormal payment activity was detected in the remaining 15 IDs. KT stated, "All abnormal payment attempts were blocked on September 5, and no additional damage has occurred since then."
KT is currently implementing protective measures for the newly identified affected customers. KT also reported that it has supplemented its report to relevant authorities, including the Personal Information Protection Commission, with the findings of this investigation.
No abnormal transactions were detected in PASS authentication or DCB payments (a method of charging content purchases in app markets to the telecommunications bill). The first instance of unauthorized micro-payment occurred on August 5, 2025, and no additional damage has been reported since KT strengthened its security filtering on September 5, 2025.
KT stated, "We apologize for the time required to complete the comprehensive investigation," and added, "We will fully cooperate with the government investigation and police inquiry." However, given KT's history of delayed responses to previous security incidents, it is difficult to conclude that all controversy has been resolved with the release of these investigation results. Previously, KT had minimized the reported scale of damage only to reverse its statement later, and initially denied the possibility of hacking. Some observers remain cautious, noting that it is still possible that some cases of damage were missed in this investigation, and are closely monitoring KT's follow-up actions.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
