KT’s data leak impact grows, full extent still unclear
Telecom giant KT is continuing to uncover the scale of mobile payment fraud cases through new findings from its comprehensive investigation into carrier billing transactions conducted between Aug. 1, 2024, and Sept. 10, 2025, but the full extent of its users’ personal data exposure remains unclear.
“It’s true that a name, date of birth and gender are required when making a mobile payment. Our joint investigation team is currently examining internal servers and related systems in detail to determine how the hackers acquired the information,” a KT official said during a press briefing at its office in central Seoul on Friday.
The company revealed that unauthorized connections to illegal femtocell base stations — fixed transceivers connecting devices to one another or to a wider area — had occurred since October last year, continuing for nearly a year before being discovered last month.
An additional 16 illegal base stations were found to be used in the scheme, bringing the total to 20. Around 2,200 more customers were identified as having connection histories with these unauthorized stations, raising the total number of affected users to approximately 22,200.
KT explained that it has expanded the scope of its latest investigation period from the initial three months to over 13 months from August last year, reviewing around 150 million payment transaction records, including direct carrier billing payments through app stores.
“Throughout this expanded and detailed review, we enhanced our detection algorithms for identifying illegal femtocell (micro, low-power cellular base station) usage and unauthorized payment activity. As a result, the number of detected illegal femtocell IDs increased by 16 compared to earlier findings,” a KT official said.

A customer walks into a KT retail store in Seoul, Thursday. Yonhap
The company analyzed over 4.03 trillion connection records between mobile devices and base stations to detect the illegal activity. The hackers allegedly used femtocells to intercept verification signals and authorize mobile transactions without users’ knowledge.
With the new findings, six more users were identified as victims of unauthorized mobile payments, totaling 3.19 million won ($2,245). The total number of victims now stands at 368, with cumulative losses exceeding 240 million won.
KT said it found no irregular payment activity involving the PASS authentication platform or direct carrier billing transactions. The earliest unauthorized payment attempt occurred on Aug. 5, consistent with earlier findings.
The company confirmed that no additional cases were reported after Sept. 5, adding that it has implemented measures to block access from unauthorized femtocell base stations and monitor connections in real time.
KT has submitted supplementary reports to relevant authorities, including the Personal Information Protection Commission, and said it is taking protective measures for newly identified victims, apologizing for the incident.
However, when asked about waiving early termination fees for users wishing to switch to a different mobile carrier following the incident, as SK Telecom did, the company declined to give a definite answer, saying it would wait until the investigation concludes.
“Regarding the issue of early termination fees, we will review the matter as quickly as possible, taking into account the results of the ongoing investigation and the extent of customer damages before making a final decision,” KT said.
