It should not come as a surprise that KT, the nation’s second-largest mobile carrier, was a target of hacking. Hackers have recently stolen confidential information from so many corporations, ranging from the Educational Broadcasting System to GS Caltex and Hyundai Capital.
What is shocking, though, is that KT had been kept in the dark for as long as five months. The police said a man, whose identity was withheld, developed a hacking program with his coworker in February and that they had since used it to steal the personal data of KT subscribers. No one should be blamed for wondering aloud how the mighty mobile carrier could be hacked for such a long time.
Presumably, no corporation has a 100 percent foolproof security system. If so, the question is how quickly it detects hacking and starts to control the damage.
Another question that needs to be asked is if KT took all the precautions it needed to take to protect subscriber information from being leaked. KT will have to be held accountable if the police investigation confirms KT’s negligence.
The scope of the hacking is also surprising. The police said the hackers stole the personal information of 8.7 million of its 16 million subscribers. The information included the names of the subscribers, the types of mobile phones they held in their possession, their resident registration numbers, the dates of service registration and the expiry dates of their service contracts.
The police suspect that the hackers disguised themselves as KT mobile service outlets, got access to subscriber data and sold the ill-gotten information to those who market services for other mobile carriers. It is not unusual for mobile subscribers whose contract is nearing its expiry to receive phone calls exhorting them to change carriers.
If no failsafe security system is available, what needs to be done to prevent further hacking is punish hackers severely. It is already claimed by many that convicted hackers are treated with kid gloves, with the maximum sentence being one year behind bars.
Another proposal is to raise the level of compensation for victims and institutionalize class actions against corporations that have failed to keep personal data from being hacked. Corporations have long been accused of spending very little on the protection of personal information they have gathered. Many say a small portion of the amount of money spent on marketing could greatly help prevent hacking.
