Ahead of the appointment of KT's next CEO, the "hacking" that rocked the telecom industry this year is emerging as a key issue. That is because two of the three shortlisted CEO candidates are directly or indirectly linked to past hacking incidents. Some say it would be a "contradiction" to pick someone tied to a past hacking incident as the next CEO when KT President Kim Young-shub gave up a bid for another term over the hacking incident.
According to the industry on the 15th, KT will decide on a sole candidate for the next CEO on the 16th. The final interview candidates are former KT President Park Yoon-young, former SK Communications CEO Joo Hyeong-cheol, and former SK shieldus Vice Chairman Hong Won-pyo. Inside and outside KT, the first task for the next CEO is seen as managing the fallout from this year's "hacking incident."
Some in the industry worry that if KT selects as the new CEO someone linked to a past hacking incident despite a hacking incident that sparked national outrage, there could be blowback. Ahn Jeong-sang, adjunct professor at Chung-Ang University Graduate School of Communication, said, "It is a contradiction to appoint the next CEO as someone directly or indirectly connected to a past hacking incident when President Kim Young-shub gave up another term to take responsibility for the hacking incident," adding, "Even if the KT board finalizes such a person as a candidate, the individual may fail to receive final approval at the shareholders meeting." He added, "If it falls through at the shareholders meeting, KT will have to appoint a CEO again, which could inevitably prolong the management vacuum."
Among the three candidates for KT's next CEO, former CEO Joo Hyeong-cheol is the person who directly experienced a past hacking incident. Joo was the CEO at the time of the 2011 SK Communications hacking incident. In that large-scale breach, the personal information of as many as 35 million people was leaked, including IDs, names, phone numbers, email addresses, encrypted passwords, and resident registration numbers, causing a public uproar.
After the incident, Joo announced measures to prevent a recurrence and strengthen security, but the company's credibility was severely damaged. SK Communications ended up posting losses for four consecutive years and was delisted in 2016.
Former Vice Chairman Hong Won-pyo previously led SK shieldus, SK Telecom's security subcontractor. Hong's term as CEO of SK shieldus was originally until July this year, but he abruptly decided to resign on Apr. 30, a week after the SK Telecom hacking incident occurred. At the time, SK shieldus said Hong's resignation was a personal decision unrelated to security issues involving SK Telecom. However, some inside and outside the industry say there is room for debate over the possibility of indirect responsibility by SK shieldus as SK Telecom's security subcontractor. SK shieldus argued that SK Telecom's UICC (USIM) system, where the hacking occurred, was not within the contracted scope and that it was not directly connected to the SK Telecom hacking incident.
According to the Korea Internet & Security Agency (KISA) information security disclosure, as of 2023 SK Telecom's dedicated information security personnel consisted of 46 in-house staff and 176 outsourced staff. The industry says that among the outsourced staff, about 80 to 100 are affiliated with SK shieldus. An IT industry official said, "It is a kind of contradiction to say that SK shieldus, which manages SK Telecom's system security, bears no responsibility."
Ryu Jong-gi, director at the Korea Corporate Security Council, said, "Damage to corporate credibility from a hacking incident also deals a major blow to management leadership, and KT is unlikely to avoid such controversy in appointing its next CEO," adding, "Clear vetting is essential on how past security incidents were handled and how the candidates responded. The telecom industry must now move beyond hacking phobia and put security and the restoration of trust at the top of the agenda."