Korean Lawmaker Discloses Over 7,000 Cyber Incidents Reported in Recent Years
KT Corp., a major South Korean telecommunications provider, is facing intensified scrutiny following a significant breach of its mobile micro-payment system that has led to hundreds of victims and substantial financial losses, as reported by the National Assembly on Sunday. The breach, which initially appeared localized to a few areas in southwestern Seoul, has now expanded to multiple districts and surrounding provinces, raising concerns about the company’s transparency and responsiveness.
From August 5 to 8, 15 individuals in the districts of Dongjak-gu, Gwanak-gu, and Yeongdeungpo-gu fell victim to fraudulent activities, losing a collective 9.62 million won (approximately $7,000) through 26 unauthorized transactions, data provided by Rep. Hwang Jung-a of the ruling Democratic Party indicates. The fraudulent activity subsequently extended to Seocho-gu, where three more victims incurred a loss of 2.27 million won, before impacting areas such as Geumcheon-gu and Gwangmyeong in Gyeonggi Province.
In a concerning development, KT reported nearly 100 unauthorized transactions worth around 30 million won on September 4 and 5, right before abnormal payment attempts were curtailed by the firm. Initially, KT informed parliament that no incidents occurred during those days, but later updated its figures to reveal 362 victims and 764 total transactions, a significant increase from the previous count of 278 victims and 527 transactions. The company noted that it began blocking the fraudulent attempts early on September 5, asserting that there have been no additional unauthorized charges since then.
Rep. Hwang criticized KT for limiting its investigation to only those cases involving intercepted automated responses, suggesting that the company had downplayed the extent of the breach. Reports from some victims indicated unauthorized PASS identity verifications and unexpected logins to popular applications such as KakaoTalk, highlighting possible broader vulnerabilities in KT’s systems. “If KT had shared comprehensive information on the timing and locations of the fraud sooner, it could have facilitated the investigation,” Hwang stated, expressing confusion over the piecemeal disclosure of critical details.
In light of the situation, Hwang is advocating for stronger repercussions than those faced by SK Telecom in a comparable incident, as well as mandatory compensation for the affected customers. Additionally, Hwang revealed to parliament that South Korean companies have collectively reported over 7,000 cyber incidents to authorities over the past six years, with incidents increasing dramatically in recent times.
Data from the Korea Internet & Security Agency confirms that 7,198 cyber breaches were reported between 2020 and September 14, 2025, including cases overseen by the Financial Services Commission. The annual tally has surged from 603 incidents in 2020 to 1,887 in 2024, with this year’s total already reaching 1,649, with over three months still to go.
The majority of reported breaches have involved system hacking, which has accounted for more than 60 percent of total incidents since 2020. Specifically, the data indicates that over 4,354 hacking incidents were reported over the last six years, in contrast to 1,502 malware infections and 1,342 distributed denial-of-service attacks. Notably, the proportion of system hacking incidents has increased from 41 percent in 2020 to nearly 73 percent in the previous year.
Rep. Hwang noted the urgent need to treat cybersecurity as a critical issue of national security, demanding coordinated efforts between public and private sectors following the recent breaches in telecom and financial firms that have adversely affected citizens. In response to the surge in notable cyberattacks, the Ministry of Science and ICT and Financial Services Commission have pledged a comprehensive government response.
A separate incident at Lotte Card has also resulted in the exposure of personal information for approximately 2.97 million customers, although there have been no confirmed reports of fraudulent use of the compromised data.
