Seoul: KT Corp., South Korea’s second-largest mobile carrier, has reported that the number of victims affected by a recent mobile payment breach has increased to 362, with the total financial damage amounting to 240 million won (approximately US$173,000).
According to Yonhap News Agency, KT initially identified 278 victims following a series of unauthorized mobile payments, which were suspected to be the result of a data leak. During a press conference in Seoul, Kim Young-geol, head of KT’s service product division, stated, “Of the 362 victims, we have completed correcting bills for 278. We will finalize refunds for the remaining 84 customers as well.”
After reviewing all mobile payments processed through their automated response system since June, KT concluded that no further damage has occurred since they blocked suspicious payment attempts on September 5. Koo Jae-hyung, head of KT Corp.’s network technology division, confirmed that there is no evidence suggesting a leak of users’ names and birthdates, which are essential for mobile payments.
KT assured that other critical personal information, such as the universal subscriber identity module (USIM) certification number, remains secure, eliminating the risk of additional damage from smartphone cloning. However, it was revealed that 20,000 customers received signals from four unauthorized cellular base stations, or femtocells, sparking concerns about potential leakage of their International Mobile Subscriber Identity (IMSI), International Mobile Equipment Identity (IMEI) numbers, and phone numbers.
In connection with the breach, two Chinese nationals were arrested after a court approved their arrest warrants due to a flight risk. The suspects, aged 48 and 44, are accused of making unauthorized mobile payments by hacking into KT users’ accounts. The 48-year-old suspect allegedly used an illegal micro base station connected to KT’s network to make minor unauthorized payments, while the other suspect is charged with cashing in on these illegal transactions.