Government Announces Tough Measures Against Hacking... Plans for Ex Officio Investigations and Punitive Fines

Ryu Jemyung, Vice Minister of Science and ICT, and Kwon Daeyoung, Vice Chairman of the Financial Services Commission, held a joint briefing between the Ministry of Science and ICT and the Financial Services Commission on hacking response at the Government Seoul Office in Jongno-gu, Seoul on the 19th. At the briefing, officials from Lotte Card and KT were present to answer questions from the press. September 19, 2025 Photo by Jo Yongjun

원본보기 아이콘

KT, which recently experienced a hacking incident involving illegal micro base stations (femtocells), has confirmed evidence of a server breach and reported it to the relevant authorities. With signs of a large-scale data leak at Lotte Card and now indications that KT's servers have also been compromised, concerns are mounting that the scope of hacking damage may expand. The government has formalized an interagency joint response, unveiling strong countermeasures such as the introduction of punitive fines and the institutionalization of ex officio investigations.

On September 19, KT announced that it had confirmed signs of a server breach and reported the incident late in the afternoon of the previous day, the 18th, to the Korea Internet & Security Agency (KISA). This finding resulted from a comprehensive inspection by an external security firm conducted over the four-month period from May to September 15. KT reported four instances of server breach and two additional suspicious cases to KISA. KT stated that the breach was discovered during a recent review of the inspection report.

On the afternoon of the 18th, KT held a second briefing regarding the femtocell hacking incident, expanding the reported scale of the damage from 278 customers and 170 million won to 362 customers and approximately 240 million won. KT also announced plans to cancel charges for affected customers and provide free USIM card replacements. Less than a day later, the company disclosed additional cases of damage.

Ryu Jemyung, Vice Minister of Science and ICT, stated at the government joint briefing on the 19th, "KT reported the security breach after receiving and internally reviewing the inspection report covering May to September." He added, "The specific server has not been identified, and the route of personal information leakage has not yet been confirmed." Koo Jaehyung, Head of Network Technology at KT, explained, "The small payment cases were handled by departments related to illegal intrusions and marketing, while the security audit was conducted separately by the Chief Information Security Officer (CISO) organization, so there was no connection between them." He continued, "It was only in the evening of the 18th that we became aware of the situation together, and we were not aware of the facts before the second briefing."

According to the government, the scale of KT's damage has increased to 362 customers and approximately 240 million won, up from previous announcements. The number of customers exposed to illegal base stations has been confirmed at 20,030. KT is currently processing charge cancellations and providing free USIM card replacements. Since September 9, only base stations that have completed authentication are allowed to access the internal network. As of now, unregistered illegal base stations are blocked from network access.

The joint public-private investigation team is focusing on analyzing the following: how illegal base stations accessed KT's internal network, the methods used to intercept communications, and the routes through which personal information necessary for small payments was obtained. The team will continue to oversee protective measures for any newly identified victims and swiftly investigate the facts of the newly reported breaches.

The government is on high alert, as the KT server breach was confirmed at the same time as the announcement of Lotte Card's large-scale data leak. The Financial Services Commission revealed that Lotte Card's online payment server was hacked, resulting in the leak of a total of 200GB of data-far more than the initially reported 1.7GB-affecting approximately 2.97 million individuals. Of these, 2.69 million cases involved limited information, making fraudulent use unlikely, and for the remaining 280,000, the direct risk is not significant. However, vulnerabilities in 'key-in' payments at some merchants were identified, prompting the enhancement of the Fraud Detection System (FDS).

The Ministry of Science and ICT and the Financial Services Commission announced strong countermeasures on this day. The Ministry of Science and ICT will fundamentally review and overhaul the security system, strengthen penalties for delayed or unreported incidents, and promote the institutionalization of government ex officio investigations. At the same time, the ministry will introduce incentives for corporate security investment and advance AI-based security systems. The Financial Services Commission will conduct emergency IT and information security inspections under the responsibility of each company's CEO, strengthen the authority of CISOs, expand consumer disclosures, and accelerate institutional improvements such as the introduction of punitive fines. An interagency joint response system led by the National Security Office will also be activated.

원본보기 아이콘

Kwon Daeyoung, Vice Chairman of the Financial Services Commission, stated, "We consider the series of breaches in sectors closely tied to daily life, such as telecommunications and finance, to be a serious issue that undermines public trust," adding, "We will make every effort to prevent recurrence and minimize damage."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.