Home > National > Social Affairs

Number of victims of KT data breach far larger than first reported, says telecom giant

Published: 17 Oct. 2025, 15:58 Updated: 17 Oct. 2025, 18:16

A KT store in Seoul on Oct. 16. [YONHAP]

The number of victims affected by unauthorized connections to illegal base stations not managed by KT, which led to personal data leaks and unauthorized micro-payments, has turned out to be far greater than initially reported, the telecom company said Friday.

At a press briefing held at its Gwanghwamun headquarters in Jongno District, central Seoul, KT said the number of illegal base station IDs connected to its network has increased from four to 20, and that an additional 2,200 users were found to have connected to them, bringing the total number of affected customers to around 22,200.

The illegal base station connections began on Oct. 8, 2024, and continued for 305 days. The affected areas, initially limited to Seoul and Gyeonggi, have expanded to include Gangwon. KT added that it is still verifying the timeline between when the breach began and when it was first detected.

“There is a possibility that additional illegal base stations exist beyond those already seized,” said Koo Jae-hyung, head of KT’s network technology division. “If further devices are identified through the investigation, we will disclose the findings.”

KT conducted a full-scale review of 150 million payment transactions processed through its network between Aug. 1 and Sept. 10, 2024. Initially, the company only examined transactions authenticated through automated response systems (ARS), but following public criticism, it expanded the review to include SMS and PASS authentication as well. The broader review uncovered 63 additional cases of unauthorized micro-payments made through SMS verification.

No irregularities were found in payments verified through the PASS system or in direct carrier billing via app markets, KT said.

Through an analysis of 4.04 trillion connection records between mobile phones and base stations, KT identified 16 additional illegal femtocell IDs. One of them was linked to six customers who suffered unauthorized charges totaling 3.19 million won ($2,250).

Seo Chang-seok, executive vice president of KT’s Network Division, apologizes before a press briefing on Oct. 17 at KT’s Gwanghwamun building in central Seoul on the company’s investigation into additional unauthorized micro-payment and personal data leak cases. [NEWS1]

The company reconfirmed that the first instance of unauthorized payment occurred on Aug. 5, 2024, and that no further transactions were made after Sept. 5, when abnormal payment attempts were blocked.

KT said it has submitted a supplemental report on the findings to relevant authorities, including the Personal Information Protection Commission, and is implementing additional protective measures for affected users.

The company apologized for the time it took to complete the full investigation and pledged to cooperate with ongoing government and police probes while introducing technical and regulatory safeguards to prevent recurrence.

“We will consider waiving termination fees depending on the investigation’s outcome,” said Kim Young-geol, head of KT’s service product division. “We’re also helping customers sign up for anti-phishing insurance and safety assurance services at KT branches nationwide.”

Kim added that the extent of damage differs from what SK Telecom reported and stated that KT would take a cautious approach regarding whether to issue a company-wide notice to all users.

This article was originally written in Korean and translated by a bilingual reporter with the help of generative AI tools. It was then edited by a native English-speaking editor. All AI-assisted translations are reviewed and refined by our newsroom.
BY JEONG JAE-HONG [[email protected]]