The personal information of 8.7 million mobile phone subscribers has been leaked to marketing companies as the network system of KT was compromised in one of the nation’s biggest hacking schemes.

It’s a regret to see similar hacking incidents take place repeatedly and we urge relevant companies and the government to come up with fundamental measures to prevent such invasion of important individual data.

What’s shocking is that KT, the country’s largest fixed-line telephone company, was not aware for five months that its network had been penetrated.

Police arrested two men for stealing the names, residential registration numbers, phone numbers and other data of more than half of KT’s 16 million customers. One of the two, identified only by his family name Choi, a computer industry veteran, developed the hacking program with the intention to harvest personal data from KT’s computer systems.

They sold the program as well as the personal data to telemarketing companies so they could in turn contact customers to solicit them to switch to other mobile operators. Police said the two made more than 1 billion won from the hacking plot. A former KT employee and six others were also booked without physical detention for their implication in the scheme.

Ramifications from the latest data theft appear far-reaching. More than anything else, KT, also the No. 2 mobile operator, is expected to face class-action lawsuits in the same way SK Communications had been beset with class-action cases in the wake of the leakage of personal data of its 35 million customers.

Also, there is a possibility that more crimes could take place as the telemarketing companies that purchased the personal data may move to resell the information.

KT apologized over the hacking incident but the company should be blamed harshly for its substandard security system. It’s hard to understand how KT was ignorant of the hacking for more than five months. In this regard, law enforcement authorities must conduct a thorough probe into the suspicions that KT may have not performed its duty properly to protect personal information of customers stipulated under the relevant law.

What is needed urgently is that companies as well as public entities must beef up their security systems through bold investment in consideration of the immeasurable damage when their networks are penetrated by hackers. At the same time, legal steps will have to be strengthened to make companies and people who are responsible for specific hacking schemes pay the price dearly.

The government, for its part, should come up with fundamental measures to prevent the recurrence of hacking incidents. Given the lack of legitimate channels to obtain personal information under the current law, telemarketing companies have no other alternative but to depend on unlawful means. In this respect, the government should map out comprehensive steps to help telemarketing companies do business legally.