 |
Photo courtesy of Yonhap News |
[Alpha Biz= Kim Jisun] SEOUL, South Korea – October 23, 2025 – South Korean telecom operator LG Uplus has officially reported a server hacking incident to the Korea Internet & Security Agency (KISA), marking the third case of a major domestic carrier suffering a cyber intrusion this year, following SK Telecom and KT.
According to industry sources, LG Uplus filed a cybersecurity breach report with KISA on Wednesday, roughly three months after the agency first received a tip-off from a white-hat hacker alleging that an internal account management server at LG Uplus had been compromised.
In July, the white-hat hacker notified KISA of suspicious activity involving LG Uplus’s APPM (Account Privilege and Password Management) server, which manages internal employee credentials.
Citing the same hacker, U.S.-based cybersecurity outlet “Frag” reported that a hacker group breached the systems of LG Uplus’s external security contractor, SecureKey, using the stolen credentials to infiltrate LG Uplus’s internal network. The attackers allegedly exfiltrated data from 8,938 servers, including 42,256 account credentials and personal information of 167 employees.
LG Uplus initially conducted an internal review and informed the Ministry of Science and ICT in August that no evidence of cyber intrusion had been found.
However, critics raised concerns during a National Assembly audit, suggesting that LG Uplus may have updated or physically discarded servers related to the APPM system after being notified of the possible breach — a move interpreted by lawmakers as an attempt to erase traces of hacking activity.
KISA is now working with LG Uplus to determine the extent and impact of the breach, as well as whether personal or corporate data was exposed.
Alphabiz Reporter Kim Jisun(stockmk2020@alphabiz.co.kr)
