Hackers leak personal details of 9 million wireless users

Millions of mobile phone users face a potential security breach after hackers gained access to their personal data from telecommunications giant KT, police said Sunday. This provided a damning reminder that the country’s computer security defense is as porous as Swiss cheese.

Investigators at the National Police Agency’s cyber terror response team arrested two people and are investigating seven others for breaking into KT’s network and stealing the information of about 8.7 million of the company’s 16 million wireless customers. The compromised data included names, mobile phone numbers, contract terms and resident registration codes, the Korean equivalent of social security numbers.

The incident could have huge ramifications for KT, which was unaware for five months that their network had been penetrated by cyber criminals before belatedly calling the police. The company posted a public apology on its website over its lax protection of personal details.

Police suspect that the data was leaked to telemarketers with the suspects pocketing at least 1 billion won (about $877,000) in exchange.

KT is the country’s second-largest wireless carrier behind SK Telecom and the leading provider of fixed-line telephony, broadband and portable Internet services.

“The suspects spent nearly seven months developing the software they used to hack into KT’s system. They were very skilled,’’ a police official said.

“The leading hacker, a 40-year-old man we will call by his surname Choi, was a computer industry veteran with 10 years of experience as a software developer. We have recommended other wireless carriers, SK Telecom and LG Uplus, to double up on their network monitoring.’’

There were times in the past when it seemed Korea’s computer security woes couldn’t get any worse, but it continuously does. Firms previously lashed by data theft include video games giant Nexon (www.nexon.com), online commerce giant Auction (www.auction.co.kr), the Korean unit of eBay, and social media provider SK Communications, the operator of Nate (www.nate.com) and Cyworld (www.cyworld.com).

Nexon in November last year reported that cyber criminals intruded into its servers and fled with the sensitive information of 13 million users.
The data leak at SK Communications in August last year breached more than 35 million accounts, a mind-boggling total for a country that has about 50 million people and an economically-active population of 25 million.

The stolen information included names, passwords, phone numbers, e-mail addresses, and resident registration numbers.

In 2008, Auction was battered with a slew of class-action lawsuits after Chinese hackers stole the data of 11 million users. And last year three people were arrested for selling the personal information of nearly 20 million subscribers to Shinsegae Department Store’s online service and social networking site I Love School (www.iloveschool.co.kr). <The Korea Times/Kim Tong-hyung>

news@theasian.asia