KT to waive contract cancellation penalties for customers following data breach
KT Chief Executive Officer Kim Young-shub delivers an apology over a major data breach reported in September to the public during a press briefing held in Seoul, Tuesday. Yonhap
KT Corp. said Tuesday it will waive cancellation fees for customers who wish to terminate their contracts with the mobile carrier, following a major data breach reported in September that led to a series of unauthorized micropayments.
On Monday, the government unveiled the results of its investigation into the security breach at KT, concluding that the incident was caused by the mobile carrier's poor management of femtocells, small base stations designed for use in homes or businesses.
"KT takes responsibility for the incidents, and we will waive cancellation fees for customers who wish to terminate their mobile service contracts with KT," the company said in a release.
KT said users can apply to unsubscribe from Wednesday through Jan. 13, and the policy will also apply to customers who have already canceled their subscriptions since Sept. 1.
The mobile carrier said the waiver will be provided in the form of refunds.
New KT users who started subscribing after Sept. 1, however, will not be eligible.
"Since the incident, KT has been contemplating ways to address the issue and come up with measures to prevent a recurrence," KT Chief Executive Officer (CEO) Kim Young-shub said during a press briefing held in Seoul, noting that the company will place top priority on data protection.
"I have come here with deep reflection and remorse for causing great anxiety and concern to customers," Kim said. "We take the joint government-private investigation results seriously."
KT said it will also provide 100 gigabytes of free monthly data for six months starting in January for all users, along with additional discount programs at cafes and movie theaters.
The company will further offer a two-year insurance program covering losses caused by voice phishing or scams. Users aged 65 and older will be automatically enrolled without a separate application.
To prevent a recurrence of the incident, KT said it plans to launch an information security task force to strengthen its data management system.
"We plan to enhance the security accountability system led by the chief information security officer, and to conduct regular security inspections led by management and the board of directors, enhancing security-related responsibility across the company," it added.
Activists from civic groups hold a press conference in front of KT’s headquarters in central Seoul, Sept. 15, calling for a thorough investigation into data breach cases involving KT and SK Telecom. Korea Times photo by Ha Sang-yun
KT said it plans to invest 1 trillion won ($691 million) over the next five years to establish a master plan to revamp its data security system while replacing outdated equipment.
The mobile carrier said it will adopt a zero-trust approach, which centers on verifying all users and devices while applying real-time monitoring to all access attempts.
According to the Ministry of Science and ICT, the incident resulted in unauthorized micropayments totaling 243 million won ($169,000), affecting 368 users.
The number of users whose mobile numbers, International Mobile Subscriber Identity (IMSI) numbers and International Mobile Equipment Identity (IMEI) numbers were compromised reached 22,227.
The government added that KT failed to fulfill its contractual obligations, making it possible for users to request that mobile carriers waive cancellation fees when they choose to unsubscribe.