Date: 2025-12-29

The Ministry of Science and ICT announced Monday that internal data from LG Uplus had been compromised in a cyberattack, following a joint investigation conducted with the Korea Internet & Security Agency.

The investigation began after KISA received an anonymous tip on July 18 suggesting a possible security breach at the telecommunications provider. Although LG Uplus was notified the following day, the company did not formally report the incident until Oct. 23. The delayed disclosure prompted authorities to conduct an on-site inspection on Aug. 25 and launch a joint task force.

According to investigators, the leaked information included server configuration data, user authentication credentials and employee records. Officials identified the source of the breach as LG Uplus’ internal automated process policy management (APPM), which manages access permissions for internal servers.

However, authorities said there were inconsistencies between the APPM server LG Uplus submitted for forensic analysis and the data presented by the whistleblower. Investigators suspect that another APPM server, which had not been initially disclosed, may have been the actual point of intrusion. That server reportedly underwent an operating system upgrade on Aug. 12, rendering forensic recovery impossible.

The whistleblower further alleged that the cyberattack may have originated from a laptop used by a third-party vendor responsible for managing the APPM system. Efforts to trace the exact attack pathway were hampered after several key servers were found to have been wiped or decommissioned between Aug. 12 and Sept. 15, despite an earlier warning issued by KISA.

The ministry criticized LG Uplus for what it described as insufficient transparency and shortcomings in its incident response, stating that these actions may have impeded the investigation. The case was referred to the Korean National Police Agency on Dec. 9.

An LG Uplus official said the company would fully cooperate with the ongoing investigation.

In a separate case, KT Corp. was found to have suffered a cyber intrusion involving unauthorized femtocell devices. Hackers accessed internal systems and stole personal data belonging to about 22,000 users. Of those affected, 368 customers experienced unauthorized micropayments amounting to 243 million won ($169,500).

A subsequent security audit identified 103 types of malware across 94 KT servers. Authorities believe the attackers exploited internal security certificates to intercept SMS- and voice-based authentication messages.

The ministry concluded that KT failed to implement fundamental cybersecurity safeguards and ordered the company to submit a corrective action plan by next month. A follow-up compliance review is scheduled for June 2026.

“Establishing a secure digital environment is essential for business continuity,” said Science and ICT Minister Bae Kyung-hoon. “As Korea advances toward becoming a global leader in artificial intelligence, strengthening cybersecurity must be treated as a national priority.”