KT acknowledged responsibility for the hacking breach and moved to waive penalties for all mobile customers and overhaul its companywide information security system. Immediately after the government concluded that it "violated the obligation to provide safe telecom services," KT announced compensation and measures to prevent a recurrence to restore customer trust.
On the 30th at its Gwanghwamun headquarters in Seoul, KT held a press briefing titled "apology to customers and information security innovation plan regarding the breach" and said it will fully waive penalties for customers who cancel mobile services. The application period runs for two weeks from that day through Jan. 13, 2026, and will be applied retroactively to customers who already canceled between Sept. 1 and Dec. 30, 2025. Penalties will be refunded after a customer application.
KT President Kim Young-shub said, "We deeply apologize for causing great anxiety and inconvenience to customers due to the breach," and added, "We take the findings very seriously and will make restoring customer trust the company's top priority beyond the issue of the information protection system." The remarks focused on carrying out compensation and preventing a recurrence rather than on a detailed dispute over responsibility for how the incident unfolded.
Separately from the penalty waiver, KT will implement a "customer appreciation program" for all customers who keep their service. Starting in Feb. 2026 for six months, it will automatically provide 100GB of data each month, and add 50% more for roaming data. Customers can choose one of two OTT services to use for six months, and membership discounts closely tied to daily life—such as coffee, movies, and bakeries—will also be offered for six months. The "safety and assurance insurance," which compensates for mobile phone phishing and hacking damage and online transaction fraud, will be provided for two years, and customers age 65 and older will be enrolled automatically without a separate application.
KT estimated the perceived value of the compensation package at about 4,500 won per month. Explaining why it chose compensation in the form of data, content, and insurance instead of bill discounts, KT said, "We focused on benefits that many customers can actually use over a long period rather than a one-off reduction." Still, some pointed out that the perceived benefit may be low for certain customers, such as those on unlimited plans.
The move came right after the government released its final investigation results. A public-private joint investigation team inspected about 33,000 KT servers six times and found 103 types of malware on 94 servers, and determined that there was a possibility that text and call contents could have been intercepted in plaintext through illegal micro base stations (femtocells). The Ministry of Science and ICT viewed this as "a case of failing to fulfill the obligation to provide safe telecom services to users" and concluded that it falls under the terms allowing penalty waivers.
To prevent a recurrence, KT launched a CEO-led "information security innovation TF." About 60 executives and employees will take part in the TF, which consists of six divisions—IT, network, IPTV, organization, and finance—and will redesign companywide security governance beyond the existing IT security–focused CISO organization. The TF will operate with management directly checking progress.
Technical measures will proceed in parallel. KT reorganized the entire process of producing, supplying, installing, and retrieving illegal femtocells, strengthened equipment certification procedures, and fundamentally blocked unregistered devices from accessing the network. It completed malware removal on all servers and, working with white-hat hackers, will operate a continuous inspection system. It will significantly extend the retention period for server and application logs and build a system that integrates monitoring of network, IT, and media security.
In the mid- to long term, it will execute 1 trillion won in information security investments over the next five years and consider additional investments if needed. It plans to expand the Zero Trust Security framework—which verifies every connection without distinguishing between internal and external networks—beyond the level of cloud and AI services to companywide application across internal systems and partners, and to completely revamp the security incident response process and accountability structure.
Kim said, "This incident is not a simple technical issue but a warning about KT's overall security management," adding, "As a national key telecommunications operator, we fully recognize our responsibility and will restore trust through change, not words." KT will submit its implementation plan for preventing a recurrence to the government by January next year and is set to undergo checks on implementation by June.