KT LG Uplus face lingering fallout over hacking incidents The Korea Times
KT, LG Uplus face lingering fallout over hacking incidents
Button Label
Listen
Text Size
Print
By Lee Gyu-lee
Published Feb 28, 2026 7:00 am KST
A message saying that KT will waive early termination fee is shown on a phone screen, Dec. 31, 2025. Yonhap
A message saying that KT will waive early termination fee is shown on a phone screen, Dec. 31, 2025. Yonhap
Korea’s two major telecom companies, KT and LG Uplus, continue to grapple with the fallout over hacking incidents and data breaches that triggered customer departures and mounting pressure for tougher sanctions.
KT has extended the deadline for customers to apply for early termination fee refunds after complaints that some users were unable to file claims before the previous cutoff on Jan. 31. It announced on Friday that it will accept refund requests until June 30.
The company offered to waive early termination fees between Dec. 31 and Jan. 13 and refunds for subscribers who had already canceled their service after Sept. 1.
The fee waiver was a follow-up measure to a major hacking incident in September. The breach involved illegal femtocell base stations that intercepted authentication signals to steal subscriber information and make unauthorized small mobile payment charges totaling about 243 million won ($155,700). In the process, the phone numbers and mobile identity data of 22,227 users were compromised.
The latest extension applies only to customers who have already left the carrier but failed to file refund claims in time. It excludes new cancellations.
KT CEO Kim Young-shub bows in apology for a string of unauthorized mobile payment fraud cases involving the telecom company during a press conference at KT headquarters in central Seoul, Dec. 30, 2025. Yonhap
KT CEO Kim Young-shub bows in apology for a string of unauthorized mobile payment fraud cases involving the telecom company during a press conference at KT headquarters in central Seoul, Dec. 30, 2025. Yonhap
According to the Korea Telecommunications Operators Association, KT lost over 238,000 subscribers after the fee waiver period, reflecting the scale of customer backlash in the wake of the breach.
“We have put in place measures to prevent any inconvenience to customers regarding early termination fee refunds,” KT said.
Separately, the ICT Ministry recently disclosed that KT paid a total of 26.25 million won in administrative fines for three counts of violations on mandatory cyber‑incident reporting.
The penalties included two delayed reports tied to last year’s hacking case, which were fined at 7.5 million won each, and an 11.25 million won fine for failing to report an unrelated malware incident in 2024.
Under Korean law, companies must report hacking or other security incidents to authorities within 24 hours of becoming aware of them. The ministry also ordered KT to submit measures to prevent recurrence. The e company filed its implementation plan in January, which is now under review.
More significant sanctions could follow, as the Personal Information Protection Commission (PIPC) is expected to conclude its investigation into KT’s hacking incident soon. It is currently conducting its final legal review and determining the level of administrative fines.
“We launched the investigation immediately last September, but as we discovered an additional server infected with malware, it delayed the process,” PIPC Vice Chairperson Lee Jeong-ryeol said on Wednesday. “We are confirming the illegal activities and aim to conclude the investigation soon.”
LG Uplus headquarters in Yongsan District, Seoul / Courtesy of LG Uplus
LG Uplus headquarters in Yongsan District, Seoul / Courtesy of LG Uplus
LG Uplus is facing controversy over how it handled signs of a breach after identifying illegal access to information including server lists, server account credentials and employees’ names.
Last October, the government launched an investigation after the company reported the suspected data leaks, about three months after the Korea Internet & Security Agency informed it of receiving an anonymous tip of the breach.
The investigation found that the company upgraded or reinstalled operating systems on key servers and discarded some equipment after officials had warned LG Uplus about suspected data leaks. It wiped logs and made a full forensic reconstruction of the breach impossible, prompting authorities to ask police to investigate on suspicion of obstructing official duties.
The National Assembly Research Service noted on Wednesday that the company could face sanctions, such as offering an early termination fee waiver, if allegations of intentional evidence destruction or obstruction during a hacking probe are substantiated.
“If such attempts go beyond ordinary security measures and constitute destruction of evidence and obstruction of an investigation, it effectively deprives users of the chance to understand whether their personal data was leaked or the scale of it,” the service said.
“It can be seen as a breach of the duty to provide secure telecom services as contracted and thus interpreted as a company‑at‑fault situation that warrants waiving termination penalties.”
Button Label
Listen
Text Size
By Lee Gyu-lee
Published Feb 28, 2026 7:00 am KST
A message saying that KT will waive early termination fee is shown on a phone screen, Dec. 31, 2025. Yonhap
A message saying that KT will waive early termination fee is shown on a phone screen, Dec. 31, 2025. Yonhap
Korea’s two major telecom companies, KT and LG Uplus, continue to grapple with the fallout over hacking incidents and data breaches that triggered customer departures and mounting pressure for tougher sanctions.
KT has extended the deadline for customers to apply for early termination fee refunds after complaints that some users were unable to file claims before the previous cutoff on Jan. 31. It announced on Friday that it will accept refund requests until June 30.
The company offered to waive early termination fees between Dec. 31 and Jan. 13 and refunds for subscribers who had already canceled their service after Sept. 1.
The fee waiver was a follow-up measure to a major hacking incident in September. The breach involved illegal femtocell base stations that intercepted authentication signals to steal subscriber information and make unauthorized small mobile payment charges totaling about 243 million won ($155,700). In the process, the phone numbers and mobile identity data of 22,227 users were compromised.
The latest extension applies only to customers who have already left the carrier but failed to file refund claims in time. It excludes new cancellations.
KT CEO Kim Young-shub bows in apology for a string of unauthorized mobile payment fraud cases involving the telecom company during a press conference at KT headquarters in central Seoul, Dec. 30, 2025. Yonhap
KT CEO Kim Young-shub bows in apology for a string of unauthorized mobile payment fraud cases involving the telecom company during a press conference at KT headquarters in central Seoul, Dec. 30, 2025. Yonhap
According to the Korea Telecommunications Operators Association, KT lost over 238,000 subscribers after the fee waiver period, reflecting the scale of customer backlash in the wake of the breach.
“We have put in place measures to prevent any inconvenience to customers regarding early termination fee refunds,” KT said.
Separately, the ICT Ministry recently disclosed that KT paid a total of 26.25 million won in administrative fines for three counts of violations on mandatory cyber‑incident reporting.
The penalties included two delayed reports tied to last year’s hacking case, which were fined at 7.5 million won each, and an 11.25 million won fine for failing to report an unrelated malware incident in 2024.
Under Korean law, companies must report hacking or other security incidents to authorities within 24 hours of becoming aware of them. The ministry also ordered KT to submit measures to prevent recurrence. The e company filed its implementation plan in January, which is now under review.
More significant sanctions could follow, as the Personal Information Protection Commission (PIPC) is expected to conclude its investigation into KT’s hacking incident soon. It is currently conducting its final legal review and determining the level of administrative fines.
“We launched the investigation immediately last September, but as we discovered an additional server infected with malware, it delayed the process,” PIPC Vice Chairperson Lee Jeong-ryeol said on Wednesday. “We are confirming the illegal activities and aim to conclude the investigation soon.”
LG Uplus headquarters in Yongsan District, Seoul / Courtesy of LG Uplus
LG Uplus headquarters in Yongsan District, Seoul / Courtesy of LG Uplus
LG Uplus is facing controversy over how it handled signs of a breach after identifying illegal access to information including server lists, server account credentials and employees’ names.
Last October, the government launched an investigation after the company reported the suspected data leaks, about three months after the Korea Internet & Security Agency informed it of receiving an anonymous tip of the breach.
The investigation found that the company upgraded or reinstalled operating systems on key servers and discarded some equipment after officials had warned LG Uplus about suspected data leaks. It wiped logs and made a full forensic reconstruction of the breach impossible, prompting authorities to ask police to investigate on suspicion of obstructing official duties.
The National Assembly Research Service noted on Wednesday that the company could face sanctions, such as offering an early termination fee waiver, if allegations of intentional evidence destruction or obstruction during a hacking probe are substantiated.
“If such attempts go beyond ordinary security measures and constitute destruction of evidence and obstruction of an investigation, it effectively deprives users of the chance to understand whether their personal data was leaked or the scale of it,” the service said.
“It can be seen as a breach of the duty to provide secure telecom services as contracted and thus interpreted as a company‑at‑fault situation that warrants waiving termination penalties.”
