A kiosk offers LG Uplus and KT Corp. cell phone plans within an Army and Air Force Exchange Service location at Osan Air Base, South Korea, on September 23, 2025. (Trevares Johnson/Stars and Stripes)
The South Korean government has initiated an investigation into a series of data breaches affecting three of the nation’s largest cellular service providers, including those catering to U.S. military personnel. This comes in the wake of recent incidents involving SK Telecom and KT Corp., highlighting vulnerabilities that could have serious ramifications for consumer data security.
SK Telecom disclosed this month that it experienced a hacking incident involving customer data, while KT Corp. reported concerns regarding micropayment scams. These revelations were noted in announcements from the Ministry of Science and Information and Communication Technology, dated September 9 and September 16.
Earlier this month, the ministry launched an inquiry into substantial customer data theft, particularly focusing on KT Corp. and LG Uplus. These developments mark at least four significant telecommunications security breaches involving South Korean companies this year alone.
In April, hackers managed to infiltrate SK Telecom’s network and exfiltrate over 10 gigabytes of SIM card data, as reported by the ministry in July. All three telecom providers operate kiosks and retail outlets within Army and Air Force Exchange Service facilities at U.S. military sites such as Camp Humphreys and Osan Air Base, enabling U.S. military members and their families to acquire local phone plans.
While the U.S. Forces Korea issued an advisory regarding the incident at SK Telecom back in April, no advisories have been released for the most recent hacking incidents involving SK Telecom, KT, and LG Uplus, according to a comprehensive review of public advisories from the command.
On September 16, the ministry addressed allegations involving an international hacking group accused of stealing and distributing SK Telecom customer data on the internet. For the KT incident, the ministry formed a joint public-private investigation task force, overseen by the director general for cybersecurity and network policy, specifically targeting an unauthorized micropayment scheme affecting KT subscribers.
Micropayment fraud can occur when hackers deceive service providers into transferring a customer’s phone number to a different device, allowing them access to sensitive identity and financial information, as outlined by the U.S. Federal Communications Commission. The ministry had not responded to queries on September 17 and 19 seeking additional information on these alarming incidents.
The growing number of cybersecurity events has led to increasing public anxiety, prompting the ministry to commit to verifying these allegations rapidly and to transparently share the findings with the public. Earlier this year, the ministry’s investigation into the SK Telecom breach revealed that more than 42,000 servers were inspected, with 28 found to be compromised by advanced hacking tools, according to a final investigative report released on July 5.
