A message indicating that KT will waive early termination fees displayed on a phone screen, Dec. 31, 2025. Yonhap
Two of South Korea’s leading telecommunications firms, KT and LG Uplus, are currently dealing with significant repercussions from recent hacking incidents and data breaches that have led to customer losses and increased demand for stricter regulatory actions.
In a response to consumer concerns, KT has extended the deadline for early termination fee refunds, acknowledging difficulties some customers faced in submitting their claims by the initial January 31 cutoff. As of the recent announcement on Friday, refund requests can now be made until June 30.
The company previously offered a waiver on early termination fees between December 31 and January 13, along with compensation for subscribers who canceled services post-September 1, following a severe hacking incident discovered in September. This breach involved illegal femtocell base stations that intercepted authentication signals to obtain subscriber details and made unauthorized mobile charges amounting to approximately 243 million won (around $155,700). The sensitive data of 22,227 users, including phone numbers and mobile identity information, was compromised during this event.
This latest extension of the refund window is applicable only to customers who have already exited the carrier without filing for claims in time, explicitly excluding any new cancellations.
KT CEO Kim Young-shub apologizes during a press conference addressing unauthorized mobile payment fraud at KT headquarters, Dec. 30, 2025. Yonhap
According to the Korea Telecommunications Operators Association, KT experienced a loss of over 238,000 subscribers following the announcement of the waiver, underscoring the extent of customer dissatisfaction stemming from the breaches. In a statement, KT emphasized its commitment to ensuring a seamless customer experience regarding early termination fee refunds.
Moreover, the Ministry of ICT has revealed that KT incurred administrative fines totaling 26.25 million won for three infractions regarding mandatory cyber-incident reporting. These penalties stemmed from two delayed disclosures related to last year’s hacking episode and a separate 11.25 million won fine for neglecting to report an unrelated malware incident in 2024.
Under Korean regulations, firms are mandated to report cybersecurity incidents within 24 hours of identification. To prevent such occurrences moving forward, the ministry has required KT to propose corrective actions, which the company submitted in January and is currently under scrutiny.
Further punitive measures may be forthcoming, as the Personal Information Protection Commission (PIPC) is nearing the conclusion of its investigation regarding KT’s hacking incident. This process includes a comprehensive legal review and a determination of applicable administrative fines. PIPC Vice Chairperson Lee Jeong-ryeol highlighted that the investigation was temporarily delayed due to the discovery of an additional infected server, emphasizing the ongoing nature of their inquiry.
LG Uplus headquarters located in Yongsan District, Seoul / Courtesy of LG Uplus
Simultaneously, LG Uplus faces backlash for its handling of potential security breaches, particularly after identifying unauthorized access to sensitive data, including server lists and employee information. An investigation was launched by the government last October, following LG Uplus’s report of these data leaks, which came three months after the Korea Internet & Security Agency alerted them to a tip-off regarding possible intrusions.
The inquiry revealed that, in response to early warnings about potential data leaks, LG Uplus upgraded or reinstalled operating systems on critical servers and discarded some equipment, which effectively erased logs and precluded a complete forensic analysis of the breach. Authorities are now seeking police involvement on suspicions of obstructing official duties, given these actions’ implications.
The National Assembly Research Service stated that if LG Uplus’s alleged destruction of evidence or obstruction during the investigation are substantiated, it could face sanctions, including a potential waiver of early termination fees. They emphasized that such actions may hinder users’ understanding of whether their personal data was compromised, highlighting a potential failure of duty to provide secure telecom services.
As investigations into the incidents at both firms progress, understanding the underlying tactics and techniques leveraged in these breaches is essential. Analysts speculate that initial access methods, such as exploiting vulnerabilities in the telecom infrastructure, might have been crucial components of these attacks, as outlined in the MITRE ATT&CK framework, underscoring the broader vulnerabilities present in the telecommunications sector in South Korea.