
State-Level Cyber Espionage Suspected in KT Telecom Breach

17 December 2025 at 03:02

A recent report by British technology research firm Rethink Technology Research has raised serious concerns over a cyberattack on KT, South Korea’s leading telecom operator, suggesting the incident may involve state-level cyber espionage rather than a simple fraud case. The report, titled “KT Cyberattack: More Serious Than You Think,” was published on December 10 and analyzes the implications of the breach in detail.

According to Rethink Technology Research, the KT cyberattack appears to have targeted femtocells, small cellular base stations used in homes and offices, not for micro-payment fraud, but potentially to collect large-scale data at a national level. The report states, “The cyberattack on South Korean telecom company KT is not a simple fraud case but closer to a state-level cyber espionage activity spanning several years when examining the details.”

The report further notes that KT’s internal logs only date back to August 2024, making it difficult to confirm what occurred at vulnerable points before that period. Analysts suggest that this lack of historical data complicates the investigation and points to possible systemic failures in femtocell management, server oversight, and encryption protocols. “It seems inevitable that KT’s leadership will face accountability for management negligence,” the report adds.

Security Experts Weigh In

Security experts in South Korea have weighed in on the report’s findings. Dmitry Kurbatov, Chief Technology Officer at global communication security company SecurityGen, posted on LinkedIn that “the unauthorized micro-payment incident at KT is likely a deeper issue involving a network of thousands of femtocells.” Similarly, Kim Yong-dae, a professor in the Department of Electrical and Electronic Engineering at KAIST, described the incident as essentially a wiretapping operation rather than conventional financial fraud.

While Rethink Technology Research frames the attack as unprecedented in scope and sophistication, KT officials have pushed back against the report’s conclusions. A company spokesperson stated, “If you look at other reports by the author of this report, there is a tendency to be favorable and biased toward certain companies. It is difficult to regard this as an objective interpretation.”

The KT Cyberattack Investigation Timeline

The cyberattack on KT was first detected in early September, when irregular micro-payments were identified across the network. A joint government-private investigation has been ongoing for over three months, with authorities yet to release the final findings. Analysts attribute the delay to stretched investigative resources due to a series of large-scale cyber incidents in South Korea, including the Coupang data leak. Some have also speculated that the prolonged timeline may indicate an intentional delay on KT’s part.

For comparison, the SK Telecom hacking case was resolved within two and a half months, followed by compensation announcements for affected users. In the case of KT, an investigation team official noted during a briefing following the presidential business report on December 12, “While investigating KT, additional issues have emerged, and server forensics are taking a considerable amount of time.”

Industry observers warn that the cyberattack on KT should serve as a cautionary tale for telecom operators not only in South Korea but globally.

South Korea’s Coupang Hit by Massive Data Breach Affecting Nearly 34 Million Customers

1 December 2025 at 02:00

South Korean e-commerce giant Coupang has confirmed a massive data breach that exposed personal information belonging to nearly 33.7 million customers, making it one of the country’s largest cybersecurity incidents in recent years. The company publicly apologised over the weekend, acknowledging that the Coupang data breach stemmed from unauthorised access that may have continued undetected for months. Park Dae-jun, CEO of Coupang, issued a statement on the company’s website saying, “We sincerely apologise once again for causing our customers inconvenience.” The firm, often referred to as the “Amazon of South Korea,” said it is cooperating with law enforcement and regulatory authorities as investigations continue.

Coupang Data Breach Went Undetected for Months

According to Coupang, the unauthorised access began on June 24 through overseas servers but was only discovered on November 18. The company initially believed only about 4,500 accounts were affected. However, further analysis revealed that 33.7 million users had some form of delivery-related personal information exposed. The leaked data includes customer names, phone numbers, email addresses, shipping addresses, and certain order histories. Coupang stressed that no payment card information, financial data, or login credentials were compromised. The company has 24.7 million active commercial users as of the third quarter, which means the Coupang data breach covers almost its entire user base.

Former Employee Identified as Main Suspect

South Korean police confirmed that they have secured the IP address used in the attack and have identified the suspect behind the breach. Investigators say the individual is a former Coupang employee, a Chinese national who has already left South Korea. “We are analysing server logs submitted by Coupang. We have secured the IP used by the suspect and are tracking them down,” an official at the Seoul Metropolitan Police said. Authorities are also verifying whether the individual is linked to an email sent to Coupang threatening to reveal the stolen information.

Government Steps In as Public Concern Rises

The Ministry of Science and ICT held an emergency meeting on Sunday to review the scale of the incident and assess whether Coupang violated any personal information protection rules. Minister Bae Kyung-hoon said regulators are closely monitoring the company’s handling of the breach. The Korea Internet & Security Agency (KISA) issued a public advisory warning users to remain alert for phishing attempts or scam messages pretending to be from Coupang. So far, police have not received reports of smishing or voice phishing linked to the breach, but authorities say preparations are in place in case the situation escalates. The Coupang data breach adds to growing frustration among South Korean consumers, who have witnessed a series of major data leaks this year. SK Telecom and other large companies have faced similar cybersecurity incidents, increasing pressure on businesses to strengthen internal security controls.

Coupang Issues Customer Guidance

The company has started notifying impacted customers through email and text messages. In an FAQ shared with users, Coupang clarified what information was exposed and what steps customers should take. The company reiterated that payment, card details, and passwords were not affected. Coupang also explained that it notified authorities immediately after confirming the issue and is committed to updating customers as the investigation progresses. For now, the company says users do not need to take additional action beyond remaining cautious of unsolicited calls, links or messages claiming to be from Coupang.

Police are verifying the suspect’s identity, travel history, and potential motives. They are also examining whether the individual acted alone or was linked to a wider scheme. The case has now moved from an internal inquiry to a full-scale criminal investigation. As authorities continue to analyse server logs and cross-border activity, concerns remain that the scale or impact of the Coupang data breach could grow. For now, officials say there is no evidence of financial misuse, but investigations are still in early stages.