The government said it will state its position on the need for and scope of a "penalty waiver" measure related to the KT unauthorized small-payment hacking incident when it announces the findings of the public-private joint investigation team.
Ryu Je-myung, the Second Vice Minister of the Ministry of Science and ICT, said at a National Assembly audit on the 21st, "We will determine fault and responsibility and report, including the subjects and scope, simultaneously with the completion of the investigation." Lawmaker Lee Hoon-gi of the Democratic Party of Korea criticized, "On Sept. Bae Kyung-hoon, the Minister, said he 'received a promise from the KT CEO to waive penalties,' but a month has passed with no action from either the government or KT."
Lee also pointed to the telecom companies' "delayed reporting" of the breach, saying, "Even though current law requires reporting within 24 hours, SK Telecom reported after 45 hours and KT reported three days later," and added, "For corporations with tens of trillions of won in revenue, fines of a few million won are meaningless." In response, the Vice Minister Ryu said, "We are preparing a bill to raise fines and a system that enables a swift response even without a report."
Lee also raised indications of "evidence concealment" during the incident response. Citing SK Telecom's delayed voluntary submission of materials, KT's server disposal, and LG Uplus' server updates, Lee said, "We need measures to prevent the erasure of traces after a request for materials is made."
Lee Sang-jung, head of the Korea Internet & Security Agency (KISA), said, "Cyber evidence is highly volatile, and artificial disposal carries strong intent," while noting, "Under current rules, reporting and consent procedures are required."