KT cyber breach deepens as victim tally climbs

Korea’s telecom carrier KT Corp. is facing mounting criticism after the scale of a recent mobile micro-payment breach ballooned, with hundreds of victims and rising losses revealed Sunday in fresh data from parliament.
The incidents, initially thought to be confined to pockets of southwestern Seoul, have spread across multiple districts and neighboring provinces, raising questions about the telecom giant’s disclosure and response.
Between Aug. 5 and 8, 15 people in Seoul's Dongjak-gu, Gwanak-gu and Yeongdeungpo-gu lost a combined 9.62 million won ($7,000) in 26 illegal transactions, according to data compiled by Rep. Hwang Jung-a of the ruling Democratic Party of Korea, based on figures provided by the telecommunication giant.
The fraudsters later struck Seocho-gu, defrauding three victims of 2.27 million won, before moving on to Geumcheon-gu, Seoul, and Gwangmyeong, Ilsan and Gwacheon in Gyeonggi Province.
Nearly 100 unauthorized transactions worth about 30 million won were also recorded on Sept. 4-5, just before KT blocked abnormal payment attempts.
The company initially told parliament there were no cases on those dates, but later revised its tally to 362 victims and 764 transactions, up from 278 and 527. KT said abnormal attempts were blocked in the early hours of Sept. 5 and that no further unauthorized charges have occurred since.
Hwang criticized the company for limiting its investigation to cases involving intercepted automated response signals, saying KT had downplayed the scale of the incident. Some victims reported unauthorized PASS identity verifications and unapproved logins to apps such as KakaoTalk, suggesting broader vulnerabilities.
"If KT had released detailed information on the timing and locations of the fraud earlier, it could have aided the investigation," Hwang said. "It is difficult to understand why the company is only disclosing key details in fragments."
She called for stronger penalties than those imposed on SK Telecom in a similar case, along with mandatory compensation for victims.
Hwang also separately revealed that South Korean companies have reported more than 7,000 cyber breaches to authorities over the past six years, with cases climbing sharply in recent years.
According to figures submitted by the Korea Internet & Security Agency, 7,198 incidents were reported between 2020 and Sept. 14 this year, including cases overseen by the Financial Services Commission.
The annual tally rose from 603 in 2020 and 640 in 2021 to 1,142 in 2022. Reports then increased to 1,277 in 2023 and 1,887 in 2024, while this year's total has already reached 1,649 with more than three months remaining.
System hacking has emerged as the dominant form of corporate cyber breaches, accounting for more than 60 percent of reported incidents since 2020. The report showed 4,354 system-hacking cases occurred over the past six years, compared with 1,502 malware infections and 1,342 distributed denial-of-service attacks.
The share of system hacking rose from 41 percent of incidents in 2020 to nearly 73 percent last year, and stands at 61 percent so far in 2025.
“After recent breaches at telecom and financial firms that caused serious harm to the public, cybersecurity must be treated not only as a technical issue but as a matter of national security requiring joint public-private action,” Rep. Hwang said.
Ministry of Science and ICT and the Financial Services Commission vowed a sweeping government response Friday to a surge in high-profile cyberattacks that have rattled the nation’s telecommunications and financial sectors.
A separate breach at Lotte Card exposed personal data from about 2.97 million customers, though no fraudulent use of the leaked data has been confirmed.
Copyright © 코리아헤럴드. 무단전재 및 재배포 금지.