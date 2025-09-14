KT breach's unanswered questions spark mounting concern over fallout
Published: 14 Sep. 2025, 18:47 Updated: 14 Sep. 2025, 18:55
The recent unauthorized micro-payment breach at KT left key questions unresolved, including how hackers obtained personal information such as names and resident registration numbers after intercepting subscriber identification data.
The unauthorized micro-payment breach at KT, disclosed earlier this month, involved hackers intercepting subscriber identification numbers (IMSI) through illegal base stations.
KT admitted on Sept. 11 that there were signs the IMSI numbers of 5,561 subscribers had been leaked, but IMSI data alone cannot be used for micro-payments because the process requires ARS verification with a name and resident registration number. This raises the possibility that other personal information may have also been leaked.
During a plenary meeting of the National Assembly’s Science, ICT, Broadcasting and Communications Committee on Thursday, Science and ICT Minister Bae Kyung-hoon was asked whether hackers may have gained access to more personal data beyond IMSI numbers.
"That appears to be the case,” Bae replied.
Kim Seung-joo, a professor at Korea University’s School of Cybersecurity, said the key issue lies in how hackers obtained the personal information necessary for payment.
“If this was not smishing, investigators must determine where the hackers acquired names and resident registration numbers,” Kim said. “If the data came from KT’s internal network or from external government websites, the fallout could be even greater.”
KT maintained that micro-payments require entering a name and resident registration number for ARS verification, so it views the illegal base station case and the unauthorized payments as separate issues and considers the matter one for investigation.
What is IMSI?
Experts note that IMSI alone cannot create cloned phones.
The IMSI number, stored in the SIM card, is a unique subscriber code consisting of a country code, a carrier code and a user-specific number. Carriers use it to identify and authenticate subscribers, as well as to track their locations.
If hackers obtain IMSI data, they can potentially track users’ locations, eavesdrop on their communications or send fraudulent verification requests. However, ARS verification for micro-payments requires additional information, including a name and resident registration number.
Experts warn against the aftermath
Following the KT incident, experts have warned consumers to be cautious when installing security apps from app stores.
“In times like this, users may download uncertified apps and fall into phishing traps,” Kim said. "The best preventive measure is to block micro-payments altogether."
SK Telecom and LG U+ allow subscribers to change or block micro-payment limits directly through their apps. KT subscribers, however, can only adjust payment limits through the app; blocking or unblocking the service requires calling customer service.
Authorities also urged vigilance against smishing.
The Korea Communications Commission warned that scammers are exploiting the KT breach to send texts containing phrases like “micro-payment cancellation and refund” or “compensation for damages,” often with links to malicious apps.
“Users can check whether a suspicious text is legitimate by opening the Korea Internet and Security Agency’s (KISA) ‘Boho Nara’ channel on KakaoTalk and pasting the message there," the commission said.
Separately, the government cautioned that it and credit card companies will not send text messages containing links for the “second round of consumer coupons,” which open for online applications this week. Officials urged the public not to click on unknown URLs.
Consumer coupons are government-issued vouchers intended to stimulate household spending and support local businesses.
This article was originally written in Korean and translated by a bilingual reporter with the help of generative AI tools. It was then edited by a native English-speaking editor. All AI-assisted translations are reviewed and refined by our newsroom.
BY YU SUNG-KUK [[email protected]]
with the Korea JoongAng Daily
To write comments, please log in to one of the accounts.
Standards Board Policy (0/250자)