According to the National Police Agency, a telemarketing business operator and his coworker in February created a computer program that could penetrate KT’s firewalls. From then through July 15, the hackers harvested information related to mobile phone users and took advantage of the list in telemarketing activities, encouraging subscribers to switch to another mobile phone or pricing program.
The stolen information included the name, mobile phone number, membership number, personal identification number and mobile phone serial number of each subscriber.
The suspects also reportedly sold the information and the program to other telemarketers.
Seven people reportedly paid 2-3 million won ($1,785) a month for the hacking program, using it to pilfer the personal information of 2 million subscribers between April and July 15. The buyers were booked without detention.
The telemarketing firm operator reportedly inserted malware into the hacking software he supplied them to get hold of information that his buyers gathered on their computer hard drives.
He is reported to have raked in more than 1 billion won ($890,000).
“(The operator) disguised himself as a local KT branch manager when accessing the database and took the information gradually rather than conduct a simultaneous and large-scale hacking. Had he conducted some mass leak, he would have been caught a long time ago,” an NPA officer said. The police confiscated the telemarketing operator’s computers and all information he stored.
Investigators have also asked the other telecommunications companies, LG and SKT, to check their databases. Officers said they would study KT’s liability.
This is the sixth time in five years a large company has been reported a huge data leak. A total of 10 million people’s private information was leaked when http://www.auction.co.kr was hacked in 2009, followed by GS Caltex’s 11 million in 2010, Cyworld’s 35 million, Hyundai Capital’s 1.75 million and Nexon’s 13.2 million in 2011.