It was found that the personal information of 5,561 subscribers was leaked through illegal micro base stations, identified as the cause of KT's unauthorized small-sum payment incident. It was also determined that 19,000 subscribers, including them, received signals from the illegal micro base stations. KT said it will replace the SIM cards of all users with a history of receiving signals from the illegal micro base stations free of charge and provide a SIM protection service. It is also reviewing a customer compensation plan that includes a waiver of penalty fees.
On the 11th, KT said this at a press briefing held at KT West in Gwanghwamun, Seoul. Initially, at a press briefing held the previous day with the Ministry of Science and ICT, KT said there were no signs of a personal information leak, but it reversed its stance in a day. KT said it reported the possibility of an information breach to the Personal Information Protection Commission in the afternoon.
◇ Illegal micro base stations detected… IMSI information of 5,561 people leaked
According to KT, between the 1st and 4th, cases of unauthorized small-sum payments affecting subscribers continued, mainly around Gwangmyeong. So far, 278 cases have been confirmed, totaling about 1.7 billion won.
Although the joint public-private investigation team's probe is underway, KT and experts are pointing to illegal micro base stations as the cause of the incident. Micro base stations, called femtocells, are palm-sized devices that facilitate communication in areas with weak signals. Individuals or businesses can buy them and use them once they receive authentication from a carrier.
KT said that, as a result of an investigation conducted on the 8th, it found two illegal micro base stations without authentication and identified about 19,000 customers who received signals from them. The illegal base stations were reportedly connected to KT's network starting Jun. 26.
KT also said that, through additional investigation conducted that day, it confirmed that the IMSIs of 5,561 customers who received signals were leaked. IMSI is a unique number assigned to each subscriber and is personal information stored on the SIM card. KT reported indications of a personal information breach to the Personal Information Protection Commission at 2:30 p.m. that day. Gu Jae-young, head of the Network Technology Division, emphasized, "There was no confirmation at all of cloned phones or hacking of the Home Subscriber Server (HSS) system."
However, it has not yet been determined how the criminals went as far as making small-sum payments using illegal micro base stations. Gu said, "We presume they illegally obtained and modified some of the micro base stations used by KT in the authentication process, or created a specific system and detached and moved parts of the micro base stations," adding, "We presume the reason it was linked to the network is that existing interworking equipment was used."
He also said, "In the case of small-sum payment procedures, a name or date of birth must also be entered, and this part has not yet been confirmed. That information cannot be leaked from an illegal micro base station. We will be able to confirm it once the police investigation is completed."
◇ 100% compensation for damages… waiver of penalty fees under review
KT said it will proceed with SIM card replacements only for the 19,000 subscribers who have a history of receiving signals from illegal micro base stations and will also prepare a compensation plan later. Immediate SIM replacement is available through nationwide retail stores, online channels, and customer centers. It will also support SIM replacement by courier and in-person replacement for older customers. KT said it currently holds inventory of more than 1 million SIM cards.
It also promised not to bill customers who suffered small-sum payment losses for the charged amounts. It plans to prepare a compensation plan for customers whose personal information was leaked. Kim Young-geol, head of the Service Product Division, said, "We promise 100% compensation for monetary losses," adding, "We are contacting affected customers directly to explain the situation and provide care."
It is also reviewing a direction to waive penalty fees for customers considering switching carriers due to this incident. Kim said, "We will consider including a penalty fee waiver plan in the compensation package," adding, "We will review it proactively from the customer's perspective."
KT said it has prepared a "triple-block system" as a measure to prevent recurrence. Specifically, it will establish: ▲ blocking, at the source, access by unregistered illegal base stations ▲ real-time detection and blocking of abnormal payment patterns ▲ a daily monitoring system for all small-sum payment cases.
It also said it will expand features that allow customers to set their own payment limits and strengthen additional authentication, providing security that users can feel.