KT apologizes for mobile payment fraud cases

KT CEO Kim Young-shub bows in apology for a string of unauthorized mobile payment fraud cases involving the telecom company during a press conference at KT headquarters in central Seoul, Thursday. Joint Press Corps

Mobile carrier KT on Thursday apologized to its users over a string of unauthorized mobile payment fraud cases that rattled the public with the unprecedented use of rogue cellular base stations.

The telecom company also confirmed that the personal information of more than 5,500 users may have been stolen in the fraud cases, and reported the breach to the country’s telecom regulator.

“I stand here with a heavy heart to apologize for the concern and anxiety caused by the recent mobile payment fraud cases,” KT CEO Kim Young-shub said during a press conference at its headquarters in Seoul.

“We sincerely apologize to the Korean public, our customers, related institutions and the customers who suffered losses … We have mobilized all of the company’s resources and personnel to prevent further losses, implementing technical measures and preparing to fully compensate affected customers.”

The mobile payment breach first surfaced last week as police investigated unauthorized mobile charges affecting KT users residing in certain parts of Seoul and Gyeonggi Province.

About 20 victims reported that they were charged, without their knowledge, for transactions such as digital gift cards and transit card top-ups from Aug. 27 to 31. Following these reports, the company confirmed 278 cases of mobile payment fraud among its users, with the total losses expected to surpass 170 million won ($122,460). It noted that at least two unauthorized, miniaturized rogue cellular base stations were used for the crime.

The incident is particularly alarming in Korea as the country had never before reported similar types of cybercrimes, with victims telling police that they had not clicked on any malicious links or installed any suspicious apps.

KT CEO Kim Young-shub delivers an apology for a string of unauthorized mobile payment fraud cases involving the telecom company during a press conference at KT headquarters in central Seoul, Thursday. Joint Press Corps

KT initially sidelined the possibility of a personal data leak, but confirmed during the briefing that approximately 19,000 KT users received signals from the rogue cellular bases, and the international mobile subscriber identity of 5,561 users may have been compromised.

“The company reported the leak to the Personal Information Protection Commission on Thursday afternoon and sent text messages to affected customers, notifying them of the possible breach and providing links to check whether their information had been compromised and to apply for free replacement of their universal subscriber identity modules (USIMs),” the company said.

The company said there was no evidence that the breached information had been used for illegal device alterations or cloned phones, but added it would provide free USIM replacements to all customers found to have connected to unauthorized micro base stations.

“We will thoroughly review the situation and fulfill our duty as a telecom operator to reassure the public and our customers,” Kim said.

The apology came after President Lee Jae Myung said during a meeting with his aides on Thursday that “there are suspicions that the case has been downplayed or covered up, and we must make sure to get to the bottom of it and hold those responsible to account.”