- Personal Data of 8 Million KT Subscribers Leak Out
- By Ryu In-ha
His company randomly called mobile subscribers suggesting they change their mobile phones to newer models and then connected these subscribers to mobile phone stores. He made a profit of 50,000~150,000 won for each subscriber he introduced to the stores.
However, random calls did not bring a high success rate. So Choi decided to hack into the customer data query system used by the mobile phone stores to steal subscriber information. With accurate customer data, he could increase his chances of success in his telemarketing business.
Choi selected KT as his target, since, compared to SK Telecom or LG U+, KT pays higher compensation for the subscribers he introduces.
"We express our sincere apology for having caused you concern over the leakage of your subscriber data by this hacking incident." This is written on a pop-up window on KT's website, which includes a written apology and a notice to check for data leakage.
In February, Choi developed a hacking program to hack into KT's sales system. He used this program to steal more than ten data categories including name, resident ID number, phone number, monthly rates, etc.
For the past five months, Choi stole the personal data of over 8 million subscribers, which amount to 47% of all KT subscribers. Choi hacked the data in small amounts to avoid KT's suspicion.
Choi not only used the information he stole in his telemarketing business, but also made a profit of 700 million won by selling the information to 15 other telemarketing businesses. He also rented the hacking program to 3 other telemarketing businesses for a monthly rate of 2~3 million won each. In the last 5 months Choi earned approximately 1 billion won from his hacking program.
The National Police Agency's Cyber Terror Response Center arrested Choi and his partner Hwang (35) for violating the Usage and Promotion of Information and Communications Networks Act. The center also indicted 6 others including Im (33) for having bought or secretly copied the hacking program from Choi and Hwang.
KT discovered traces of hacking during an internal inspection of their server networks and requested police investigation on July 19. However, this revealed how poor their security was, not having noticed their customer information had been leaking for the last 5 months.
For an information and communications firm, security is vital. Such an incident in which the personal data of millions of subscribers leaked due to the hacking of an info-communications firm's computer server is unprecedented.
In March, KT also had problems when the personal information of 200,000 subscribers leaked. At that time as well, an employee of a KT subcontractor pierced the KT headquarters server with a hacking program he developed himself.