Hackers steal 12m KT users’ information

By Korea Herald
  • Published : Mar 6, 2014 - 21:13
  • Updated : Mar 6, 2014 - 21:13
The Incheon Metropolitan Police Agency on Thursday arrested two hackers and a telemarketing firm CEO in connection with the theft of 12 million KT Corp. customers’ personal information.

KT is the country’s second largest telecom services provider with some 16 million consumers subscribing to its mobile, fixed-line telephone and internet services.

“KT will fully cooperate with the police investigation. (The company) will work to minimize the damage to customers.” KT said in a statement. 
A man walks in front of KT Corp.’s office in Seoul on Thursday. (Yonhap)

According to the police, the hackers, identified by the surnames Kim and Chung, had been stealing user personal information from KT since February 2013. Using a random number generating program, the hackers matched KT customer identification numbers to steal as many has 300,000 pieces of information on a daily basis.

The stolen data is said to include names, citizen registration numbers, mobile phone numbers, home addresses, occupations and bank account numbers.

Chung and Kim sold the information to the telemarketing company chief, identified by the surname Park. Park then used the information in marketing mobile telecom services, generating an estimated 11.5 billion won ($10.8 million) in illegal gains.

Park also sold the personal information of about 5 million people to three mobile phone sellers.

According to the police, the hackers received 5,000 won while Park generated between 200,000 won and 400,000 won in operating profit for each mobile phone contract sold through the scheme.

The suspects are reported to have planned to steal information from two securities companies.

The case comes while the country continues to reel from the massive data security breach at three local credit card companies.

On Jan. 8, personal information of more than 20 million KB Kookmin, NH NongHyup and Lotte card users was found to have been leaked. Following the case, a string of bills aimed at reinforcing data protection were processed by the National Assembly, while the government handed out fines and placed the three companies under a three-month operating ban. 

By Choi He-suk (