KT confirms possible personal data leak involving 5,561 users

(Lee Seung-hwan)

KT Corp. Chief Executive Officer Kim Young-shub on Thursday apologized for a possible leak of personal information involving 5,561 users. He pledged full compensation and stronger measures to prevent recurrence.

At a press briefing at KT headquarters in Gwanghwamun, central Seoul, the company said that abnormal connections to illegal femtocells may have exposed some users’ International Mobile Subscriber Identity (IMSI) numbers.

The IMSI is a unique identifier stored on a SIM card and transmitted when a device connects to the network.

While the IMSI alone cannot authorize payments without the SIM authentication key (Ki), the company found that 19,000 subscribers connected to the rogue base stations, of whom 5,561 may have had their IMSI data leaked.

KT reported the case to the Personal Information Protection Commission (PIPC) and notified affected users, offering free SIM replacements, damage checks, and protective services.

KT will provide free SIM card replacements to all 19,000 users who connected to the illegal femtocells. Exchanges are available at nationwide retail stores and customer centers.

The rogue equipment is believed to be LTE femtocells once used by KT to boost signals indoors and in shadow zones.

Normally, such devices must be pre-registered with the carrier before network access, but some units appear to have been leaked and illicitly modified. Devices connecting to them may have temporarily exposed their IMSI during authentication.

Unlike 5G, LTE networks can transmit IMSI in plaintext under abnormal conditions. KT identified two rogue cell IDs not registered in its management system.

The company has so far counted 278 fraudulent payment cases amounting to 170 million won ($122,200). It stressed that no core network systems, such as switches or authentication servers, were hacked, and that the IMSI leak occurred only in the radio access section.

However, KT admitted that the ARS authentication hijacking used for the actual fraudulent payments is a separate issue under investigation.