"If we secure indications even without a report from corporations, the government will improve the system so it can conduct a thorough investigation."
Ryu Je-myung, the Second Vice Minister of the Ministry of Science and ICT, said this at a joint briefing on "cyber intrusions at telecom and financial companies" held at the Government Complex Seoul on the 19th. Under current law, the government can only launch an investigation if corporations that suffered hacking intrusions file a report, prompting criticism that the initial response is inadequate.
On this day, the Ministry of Science and ICT said that, in connection with the recent KT small-amount payment hacking incident, 362 people were identified as victims and that damage amounted to about 240 million won. Specifically, it added that it confirmed indications that 20,030 users were exposed to an illegal base station, leading to the leakage of phone numbers, International Mobile Subscriber Identity (IMSI) information, and International Mobile Equipment Identity (IMEI) information.
Regarding the server intrusion that KT reported on the 18th, it is known that the specifics have not yet been identified. The Ministry of Science and ICT and KT say they will announce the specific details of the intrusion after the government–private joint task force completes its investigation. Vice Minister Ryu said, "The joint task force will swiftly and rigorously analyze the cause of the incident and disclose the results transparently," adding, "The task force is currently focusing its investigation on how the hacker's illegal micro base station was able to access KT's internal network and through what route personal information was obtained."
Vice Minister Ryu said, "The government, led by the National Security Office, is working across ministries together with the Ministry of Science and ICT and the Financial Services Commission to minimize hacking damage," adding, "The Science Ministry will review the entire current security system from scratch and prepare fundamental measures, not stopgap incident responses."
The Ministry of Science and ICT also signaled tougher penalties for corporations that conceal hacking incidents. Vice Minister Ryu emphasized, "If corporations intentionally delay or fail to report intrusions, we will toughen measures such as fines."