NewKerala.com

Key Points

KT's CEO has openly admitted that the company did a poor job managing its micro base stations, known as femtocells. This mismanagement allowed hackers to connect illegal devices to the network, leading to a significant data breach. The company is now working to assess the full scale of the damage by analyzing all authentication methods. As a result, KT is considering waiving cancellation fees for thousands of users whose data was compromised.

Key Points: KT CEO Admits Poor Femtocell Management After Illegal Payment Breaches

  • CEO Kim Young-shub admitted to poor femtocell management during a parliamentary hearing
  • Unregistered femtocells accessed private data of 362 users in late August
  • The company is now expanding its analysis to all authentication data beyond ARS
  • KT is considering waiving subscription cancellation fees for 20,300 affected users
2 min read

KT admits poor management of micro base stations used in illegal payment breaches

KT's CEO acknowledged poor femtocell management led to a data breach affecting 362 users. The company is analyzing the damage and considering waiving cancellation fees.

"After the incident, we reviewed the management of femtocells and found numerous vulnerabilities and poor management. - Kim Young-shub, KT CEO"

Seoul, Sep 24

KT Corp's chief acknowledged on Wednesday that the company had poorly managed micro base stations linked to recent unauthorised mobile payment breaches.

"After the incident, we reviewed the management of femtocells and found numerous vulnerabilities and poor management," Kim Young-shub, chief executive officer (CEO) of KT, said during a parliamentary hearing. "We have since taken measures to prevent illegal femtocells from connecting to the network."

A femtocell is a small, low-power cellular base station, typically designed for use in homes or small businesses. Kim said KT outsources their installation and management, reports Yonhap news agency.

According to the company, unregistered femtocells were connected to its network around late August and gained access to private data of 362 users, with damages estimated at 240 million won (US$173,000).

Kim also said KT is expanding its analysis to all authentication data, after lawmakers pointed out that the company's probe had focused only on breaches involving the automated response system (ARS).

"Analysis takes time, so we initially reviewed ARS data. We are now analyzing all authentication methods, including short message service," Kim said, adding the company is assessing the full scale of the damage.

KT earlier explained that hackers had intercepted ARS calls meant to authorize mobile payments in some of the reported cases.

Kim said the company is considering waiving subscription cancellation fees for about 20,300 users whose private data was allegedly leaked after their mobile phones connected to the illegal base stations.

The compromised data may include international mobile subscriber identity (IMSI) and international mobile equipment identity (IMEI) numbers, as well as phone numbers.

"We are considering exempting cancellation fees for 20,300 affected users," he said.

In response, Second Vice Science Minister Ryu Je-myung said KT should lift subscription cancellation penalties if the company is found to have violated its obligation to provide a safe telecommunications environment to users.

"Investigators will determine (whether KT violated the obligation) and take necessary measures," Ryu added.

- IANS

Share this article:

Reader Comments

R
Rohit P
Waiving cancellation fees is the least they can do! If this happened with Airtel or Jio in India, there would be massive outrage. Data security should be non-negotiable for telecom companies. 😠
S
Sarah B
As someone working in IT security, this shows how vulnerable small base stations can be. Indian telecom companies should conduct immediate security audits of their femtocell infrastructure. Better safe than sorry!
A
Arjun K
While KT's admission is good, they should have been proactive rather than reactive. Indian companies need to learn from this - cybersecurity cannot be an afterthought in today's digital India. 🚨
M
Michael C
Respect to the Korean lawmakers for holding the company accountable during parliamentary hearing. Hope our parliamentary committees show similar seriousness about data breaches affecting Indian citizens.
K
Kavya N
I appreciate that KT is being transparent now, but the damage is already done. This makes me worried about UPI and mobile banking security in India. We rely so much on digital payments! 💳
V
Vikram M
Outsourcing installation and management is common practice, but security cannot be outsourced. Indian telecom companies must maintain direct control over critical security aspects. Jai Hind! 🙏

We welcome thoughtful discussions from our readers. Please keep comments respectful and on-topic.

Leave a Comment

Minimum 50 characters 0/50