South Korean police have arrested two men who allegedly stole the personal information of about 8.7 million cellphone customers from KT Corp., the second biggest mobile carrier in South Korea. The company alerted police on July 13 after detecting traces of hacking attacks. The data was collected for the last five months, starting in February 2012.
"It took nearly seven months to develop the hacking program and (the suspects) had very sophisticated hacking skills," a KT Corp. spokesperson told Yonhap News. "In light of this incident, we will strengthen the internal security system and raise awareness of security among all employees to prevent causing inconvenience to customers."
The duo developed a hacking program that stole the customers' names, phone numbers, residential registration numbers, and phone contract details of more than half of KT Corp.'s customers. Seven other people who allegedly bought and distributed the hacking program and the stolen personal data were also booked without physical detention.
The attack, described as one of the country's largest hacking schemes, is estimated to be valued at six figures: police said the two made about 1 billion won ($878,000) by selling the information to telemarketing companies. Those firms in turn used the details to contact customers (especially those whose contracts were close to expiration or considered likely to change phone plans), soliciting them to switch to other mobile operators.
"We deeply bow our head in apology for having your precious personal information leaked... we'll try our best to make such things never happen again," KT said in a statement to customers. That apology may not be enough; KT could easily end up facing a class action lawsuit filed by angry subscribers.