 |
Photo courtesy of Yonhap News |
[Alpha Biz= Paul Lee] Sejong, October 13 — The Ministry of Science and ICT (MSIT) announced on Sunday that it has referred KT Corp. to law enforcement for allegedly submitting false data and concealing evidence during the government’s investigation into the company’s recent unauthorized micro-payment and hacking incidents.
The announcement came during a National Assembly audit at the Government Complex in Sejong, where the ministry briefed lawmakers on its findings and forthcoming cybersecurity policy measures.
KT Accused of Concealing Server Data
According to the MSIT, KT reported that it had disposed of servers related to the hacking case on August 1, but the company actually continued disposal activities until August 13. Moreover, KT allegedly failed to disclose server backup logs to the joint government–private investigation task force until September 18, well after the deadline.
The ministry stated that KT’s initial response to the unauthorized billing attacks was inadequate and that poor network management allowed illegal small-cell base stations (femtocells) to connect to its official network — a violation now under detailed investigation.
Government to Tighten Cybersecurity Oversight
The MSIT said it is strengthening its authority to conduct proactive cybersecurity inspections. A new bill introduced last month would enable the government to launch on-site investigations without company notification when signs of cyber intrusion are detected. It would also establish a Cyber Incident Investigation Committee with powers to access and inspect corporate facilities.
In addition, the ministry plans to reform the Information Security Management System (ISMS) audit process — which came under fire following recent telecom breaches — by expanding on-site verification and compliance checks.
Stronger Penalties and Corporate Accountability
To prevent future cover-ups and lapses, the ministry is preparing stricter penalties for non-compliance. Under the proposal:
Telecom operators would face enhanced security management obligations, particularly those with significant customer impact.
Fines for failure to report or cooperate in cyber incident investigations would rise from KRW 30 million to KRW 50 million.
A new enforcement penalty system would be introduced for repeated violations.
Chief Information Security Officers (CISOs) would be required to report regularly to company boards, and more corporations would be required to publicly disclose their cybersecurity status.
Expanding Anti-Fraud and Security Measures
The MSIT also unveiled plans to address the rising issue of phone-based financial scams and identity fraud:
An AI-powered facial recognition system will be introduced in December to prevent the issuance of fraudulent “burner phones.”
A “one-strike-out” policy will terminate contracts with telecom retailers caught facilitating illegal mobile activations.
By the end of this year, the ministry aims to work with smartphone manufacturers to automatically block malicious app installations.
Alphabiz Reporter Kim Jisun(stockmk2020@alphabiz.co.kr)
