KT: Over 5,000 Customers' USIM Information Leaked... Compensation Plans for Affected Customers Announced (Comprehensive)

KT has confirmed indications of customer information leakage through illegal micro base stations in connection with the recent small payment damages. Investigations have revealed that the International Mobile Subscriber Identity (IMSI) information of a total of 5,561 customers may have been leaked externally as a result of this incident. KT will proceed with replacing the USIM cards of customers whose IMSI may have been leaked and will also prepare compensation measures in the future.

Kim Youngseop, CEO of KT, stated at a press conference held on the afternoon of September 11 at the KT Gwanghwamun West Office in Jongno-gu, Seoul, "I sincerely apologize for causing concern to the public, our customers, and related organizations who care about KT, and I bow my head in apology to the affected customers."

CEO Kim explained, "On September 8, we reported the abnormal small payment breach to the Korea Internet & Security Agency (KISA) and are working with the relevant authorities to determine the cause. We have deployed all available resources from our employees to complete technical measures to prevent further damages."

Regarding future compensation and prevention measures, he added, "We will devise and implement a 100% compensation plan for affected customers. We will also fully cooperate with the Ministry of Science and ICT, the Personal Information Protection Commission, and the National Police Agency to thoroughly identify the cause. We will do everything possible to ensure that such incidents never happen again," he said, bowing his head.

KT also apologized for its earlier assertion at the Ministry of Science and ICT briefing the previous day that there were no indications of personal information leakage. Koo Jaeyoung, Head of KT's Network Technology Division, said, "As a result of further analysis, we confirmed today (September 11) that there are indications of IMSI information leakage. We apologize for stating yesterday that there were no such indications. However, we have determined that there are currently no cases of illegal device changes or cloned phones."

KT's own investigation confirmed that two illegal micro base stations had been connected to KT's network. It is known that these illegal base stations were connected to KT's network since June 26. Approximately 19,000 customers received signals from these stations. Of these, 5,561 customers sent IMSI signals to the illegal base stations. Among the customers whose IMSI information may have been leaked, 278 suffered financial losses as a result of this incident. The average loss per person was estimated at 540,000 won.

Upon confirming the possibility of IMSI leakage, KT reported the matter to the Personal Information Protection Commission on the afternoon of September 11 and notified the affected customers via SMS. A dedicated link was also provided for checking damage status, applying for USIM replacement, and enrolling in protection services. Customers can also check for IMSI leakage after logging in to KT.com.

KT will provide free USIM replacement and USIM protection service enrollment to all approximately 19,000 customers who have a history of receiving signals from illegal micro base stations. Immediate replacement is available through nationwide retail stores, online channels, and customer centers, and KT stated that it has secured a sufficient supply of USIM cards for smooth response. USIM replacement by courier and in-person replacement for elderly customers are also supported. KT announced that it currently holds an inventory of over one million USIM cards.

KT will also compensate customers who suffered losses from this incident. First, customers who incurred small payment damages will not be charged for the payment amounts. Compensation plans will also be prepared for customers whose personal information, including IMSI, was leaked. Kim Younggeol, Head of Service Product Division, said, "KT will take full responsibility for financial damages," adding, "We will quickly establish compensation measures for affected customers."

KT is also considering waiving penalties for customers wishing to switch mobile carriers due to this incident. Kim stated, "We will include the penalty waiver in our compensation plan and review it from the customer's perspective."

KT defined this incident as "a serious matter directly related to customer trust" and issued a deep apology. In addition, to protect customers and prevent recurrence, KT is implementing follow-up measures such as automatic blocking of abnormal payments, strengthening authentication methods, conducting a full investigation and payment waivers, and operating a dedicated 24-hour customer center.

In particular, KT has established a dedicated call center to enable customers to immediately report suspicious calls or texts suspected of personal information misuse or damages related to small payments. Starting September 12, only PASS-based biometric authentication will be applied for identity verification during small payments.

Currently, a joint public-private investigation and police probe involving the government, related agencies, and law enforcement is underway to determine the specific types of illegal micro base stations and abnormal access methods. KT stated, "We will actively cooperate with the investigation to identify the cause and establish institutional improvements."

However, the payment processes of customers who suffered actual small payment damages due to this incident will need to be examined through the investigation, as personal information such as date of birth is required during the small payment process. Koo Jaeyoung, Head of Network Technology Division, said, "Even if a user connects to an illegal micro base station, it is not possible to extract personal information such as date of birth," adding, "We are actively cooperating with the police investigation, and identifying the perpetrator will be key to resolving outstanding questions."

Regarding suspicions that an internal KT employee may have been involved in the crime, a KT representative stated, "There is no confirmation of insider involvement, but it can be inferred that the perpetrator has considerable knowledge of telecommunications. We will wait for the results of the investigation," the official explained.

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.