KT accused of concealing major malware infection, faces probe over customer data breach

Mobile carrier KT is facing mounting scrutiny after a government investigation found the company concealed a major malware infection last year.

According to a joint government-private investigation team on Thursday, KT became aware between March and July 2024 that 43 of its servers had been infected with BPFDoor malware and other malicious code. The malware enables remote attackers to bypass firewalls and maintain long-term access to compromised systems. Despite detecting the breach, KT failed to notify authorities and attempted to address the issue internally, the team said Thursday.

Investigators confirmed that the infected servers contained customers’ personal data, including names, phone numbers, email addresses and international mobile equipment identity numbers. The team called KT’s concealment of the breach a matter of “grave concern” and said it will coordinate with relevant agencies to determine appropriate legal measures.

The same malware was used in an earlier hacking case involving SK Telecom, the country’s largest mobile operator.

The probe also uncovered serious weaknesses in KT’s femtocell management system, which allowed unauthorized devices — known as femtocells — to connect to its internal network. Femtocells are small, low-power cellular base stations typically used in homes or small offices to improve mobile coverage.

“KT’s femtocell management system was poorly maintained, creating an environment in which unauthorized femtocells could easily access the company’s internal network,” the investigation team said.

Hackers who controlled the illegal femtocells were able to disable end-to-end encryption and intercept users’ payment authentication data, according to the findings.

The Ministry of Science and ICT said it is reviewing whether KT’s actions violated the law and whether affected customers should be compensated.

The investigation was launched after 368 KT customers suffered financial losses totaling 240 million won ($167,000) in August through illegally operated micro base stations.

In response to growing security concerns, KT began offering free replacements of universal subscriber identity modules to all customers on Wednesday.

Hours after the investigation announcement, KT unveiled a compensation package, including waiving termination fees for all customers confirmed to have suffered from unauthorized payments or data leaks.

Officials added that KT has been referred to law enforcement authorities on suspicions of obstructing justice by allegedly providing false information and concealing evidence during the investigation.

KT could also face penalties from the Personal Information Protection Commission, which earlier this year fined SK Telecom 134.7 billion won for a similar data breach.