KT Corp. has decided to waive contract cancellation fees for customers affected by a major data breach in September. A government investigation revealed that poor management of femtocells caused the incident. The company also announced additional compensation measures and plans to bolster security.
KT Corp. announced on December 30 in Seoul that it will waive contract cancellation fees for customers wishing to terminate services due to unauthorized micropayments stemming from a major data breach reported in September. The incident was caused by the mobile carrier's inadequate management of femtocells, small base stations for homes or businesses, as concluded in the government's investigation results unveiled on Monday.
"KT takes responsibility for the incidents, and we will waive cancellation fees for customers who wish to terminate their mobile service contracts with KT," the company stated in a release. CEO Kim Young-shub expressed remorse during a press briefing: "I have come here with deep reflection and remorse for causing great anxiety and concern to customers. We take the joint government-private investigation results seriously."
Customers can apply for unsubscribing from Wednesday through January 13, with refunds also provided to those who canceled since September 1. New subscribers after that date are ineligible. To compensate further, KT will offer 100 gigabytes of free monthly data for six months starting in January to all users, plus discount programs at cafes and movie theaters. A two-year insurance program against voice phishing and scams will be available, with automatic enrollment for those aged 65 and older.
To prevent recurrences, KT plans to launch an information security task force, enhance accountability led by the chief information security officer, and conduct regular inspections by management and the board. The company intends to invest 1 trillion won (US$691 million) over five years to overhaul its data security system, replace outdated equipment, and adopt a zero-trust approach with real-time monitoring of all access attempts.
According to the Ministry of Science and ICT, the breach led to 243 million won (US$169,000) in unauthorized micropayments affecting 368 users, with personal data of 22,227 users— including mobile numbers, IMSI, and IMEI—compromised. The government noted KT's failure to meet contractual obligations, enabling fee waiver requests.
