Article at a Glance

Recently in Korea, a series of large-scale data breach incidents at major telecommunications, financial, and platform companies including SKT, KT, Lotte Card, and Coupang has intensified the cybersecurity crisis. These incidents have been triggered by sophisticated hacking attacks aimed at financial gain and have exposed a range of structural problems, including the theft of authentication credentials through the abuse of micro base station equipment at KT, the neglect of security vulnerabilities over a decade at Lotte Card, and failures in internal access control and authentication management at Coupang. In particular, companies revealed not only “technical failures” but also “governance failures” by neglecting even basic security checks due to complacent security awareness and poor risk management, and they concealed or downplayed the extent of infection even after incidents occurred. Although the government has announced comprehensive measures such as sweeping security inspections, stronger sanctions, and expanded ex officio investigations, many challenges remain unresolved, including the state’s responsibility for cybersecurity, the rationality of the penalty system, a lack of corporate security incentives, the absence of prevention-oriented policies, and fragmented organizational structures.
The country has been roiled by hacking and data breaches involving telecommunications companies. With card companies and e-commerce platforms also suffering data leaks from hacking attacks, Korea now faces criticism that it is effectively defenseless against cyberattacks and information breaches. In April 2025, USIM information affecting 25 million SKT subscribers was leaked, and in September of the same year, an unauthorized small-payment incident at KT caused damage of about 240 million KRW to 362 users to date. In the same month, the hacking of Lotte Card servers led to the leakage of personal information of about 3 million members. For 280,000 of them, core payment-related information such as card numbers, passwords, and CVC codes was exposed. In November, about 33.7 million customer account records were leaked from Coupang, including customers’ names, addresses, contact information, email addresses, and recent order histories.
The Causes Behind Repeated Incidents

According to the government’s investigation results announced in November 2025, about 43 internal KT servers were found to have been infected with BPFDoor, a sophisticated backdoor-type malware that allows attackers to covertly control compromised servers remotely, and some of the infected servers were confirmed to have stored telecommunications network and device identification information such as International Mobile Subscriber Identity numbers, International Mobile Equipment Identity numbers, and phone numbers. The investigation team warned that this server intrusion may be linked to recent small-payment fraud schemes carried out through the interception of user signals. The issue became particularly serious after the investigation revealed that KT had discarded the infected servers without reporting the incident, prompting the government to move forward with criminal charges.
Copyright Ⓒ Dong-A Business Review (동아비즈니스리뷰). All rights reserved. Unauthorized reproduction, redistribution, and use for AI training prohibited.