Despite KT's explanations regarding the unauthorized small payment hacking incident, controversy continues to persist. Claims have emerged that additional areas have been affected, and suspicions have even been raised about whether the telecom PASS authentication system was hacked, leading to criticism that KT may still be underestimating the seriousness of the situation. Previously, KT denied concerns over security, stating, "PASS authentication was functioning normally, and the damages occurred due to ARS authentication information being stolen." Regarding newly reported affected areas such as Dongjak, Seocho, and Ilsan, which were revealed during a National Assembly briefing, KT explained, "These are only estimated locations based on base station signals and cannot be definitively identified as actual affected areas."

Koo Jaehyung, Head of Network Technology Division at KT Network Division, is presenting the current response status regarding small payment fraud at the KT Gwanghwamun Building in Jongno-gu, Seoul on the 18th. Photo by Yonhap News

원본보기 아이콘

According to KT and others on the 22nd, some victims of unauthorized small payment fraud have claimed that "there were PASS authentication records even though they did not initiate them." They explained that even though they had not made any payments themselves, there were approval records under their names in the authentication logs via the PASS application. These testimonies have fueled suspicions that the authentication system itself may have been hacked. Notably, PASS is a personal identity verification service jointly operated by not only KT but also SK Telecom and LG Uplus. If this system were breached, it could escalate into a serious issue threatening the security systems of all three major telecom companies.

KT drew a clear line. The company stated, based on internal log analysis and verification of victim cases, "In the cases in question, the victims did in fact process payments normally through the PASS app." However, it explained that during a separate ARS authentication process conducted immediately afterward, authentication information was stolen by a third party, resulting in unauthorized payments. There was no evidence that PASS itself had been hacked. KT emphasized, "PASS is a secure authentication method jointly operated by the three major telecom companies and recommended by the government. We conducted double and triple internal verifications and confirmed that there was no hacking."

On the 19th, government officials who concluded the joint briefing between the Ministry of Science and ICT and the Financial Services Commission for hacking response at the Government Complex Seoul in Jongno-gu, Seoul, are greeting together with representatives from Lotte Card (left) and KT (right). Photo by Yonhap News

원본보기 아이콘

Contrary to KT's explanation that the affected areas were limited to parts of southern Gyeonggi Province, there are indications that the actual scope of the damage is broader. Hwang Jeonga, a member of the National Assembly's Science, ICT, Broadcasting, and Communications Committee from the Democratic Party of Korea, stated on the 21st, based on data submitted by KT, that areas where small payment hacking occurred according to authentication time included not only Gwangmyeong and Geumcheon, which were previously known, but also Seocho-gu and Dongjak-gu in Seoul, as well as Ilsandong-gu in Goyang, Gyeonggi Province.

원본보기 아이콘

KT explained, "It has not been confirmed that the actual affected areas have increased." The company argued that the areas listed in the National Assembly report were not actual locations of the incidents, but rather "estimated locations." Since the value is displayed based on the base station signal to which the mobile phone was connected at the time of payment or authentication, it may differ from the actual location where the crime occurred.

A KT official explained, "Locations such as Dongjak, Seocho, and Ilsan shown in the data are not necessarily where the payments occurred, but rather the locations of the base stations the phone was connected to at that time." For example, even if a victim suffered payment fraud in Gwangmyeong, if their phone was connected to the Dongjak base station while moving, it could be recorded as "damage in Dongjak-gu." He added, "Since the base station can change frequently during call initiation or termination, or when turning the phone off and on, the location recorded in the log may differ from the actual site of the incident. To confirm the facts of the damage, not only the location record but also evidence of illegal wireless device access, small payment transaction history, and confirmation that the payment was unauthorized by the victim must all be met."

Representatives from civic groups including the People's Livelihood Economy Research Institute, Seoul YMCA Citizen Relay Office, People's Solidarity for Participatory Democracy Livelihood Hope Headquarters, and Korea Consumer Federation condemned the irresponsible behavior of mobile carriers and the government regarding the SK Telecom USIM hacking and KT small payment damage incident in front of the KT Gwanghwamun Building West Office in Jongno-gu, Seoul on the 15th. Yonhap News

원본보기 아이콘

However, despite KT's explanations, suspicions persist. In particular, there is criticism that the root cause of the incident, which has continued for nearly a month, has not been sufficiently identified, leading to calls for KT to release more transparent and detailed investigation results. At the upcoming National Assembly Science, ICT, Broadcasting, and Communications Committee meeting on the 24th, a hearing on this hacking incident will be held, with KT executives attending as witnesses.