KT said on the 18th that it had found two more illegal micro base station IDs that were identified as the cause of recent small-amount payment hacking damage. The number of victims rose from 278 to 362, and the damage amount increased from 170 million won to 240 million won.
KT acknowledged that the scale of damage and signs of intrusion had expanded, releasing the status of customer protection measures on the 18th following its first announcement on the 11th. Additional investigation showed other types of small-amount payment damage, such as transportation cards, beyond the existing gift certificate payment cases. A total of four illegal base station IDs have been identified so far, and a total of 20,000 people received the signals.
This also revealed indications that IMSI, IMEI, and mobile phone numbers were leaked. However, customer names and dates of birth were not leaked, and the USIM authentication key is safe, so the possibility of cloned phone damage is assessed to be nonexistent.
KT said that no additional damage occurred after blocking abnormal small-amount payments on Sept. 5. It also said that all newly identified cases occurred before that. KT completed a supplemental report to the Personal Information Protection Commission and is providing individual guidance to the affected customers along with free USIM replacement and support for enrolling in protection services.
To prevent a recurrence, it will upgrade the management system for micro base stations and strengthen a system that monitors abnormal payment types in real time. It will convert about 2,000 stores nationwide into "Safe and Secure Specialty Stores" and provide affected customers with the "KT Safe and Secure Insurance" (tentative name) free of charge for the next three years to compensate for financial fraud linked to communication devices.
KT said it is actively cooperating with a joint public-private investigation and a police probe, and repeatedly apologized for causing inconvenience and concern to customers. The company said it would prioritize protecting affected customers and push for recurrence prevention and institutional improvements. It plans to provide guidance through official briefings as key facts are confirmed.