KT Femtocell Security Breach Leading to Unauthorised Mobile Payments

**KT Corp Faces Regulatory Action After Femtocell Security Breach Exposes Thousands in South Korea** On December 30, 2025, South Korean authorities held KT Corp accountable for a major mobile payment breach stemming from critical security flaws in its femtocell infrastructure. Investigators found that KT used identical, long-term authentication certificates across its femtocells—valid for a decade—allowing unauthorized devices to repeatedly access the network without re-verification. The breach exposed identifiers of over **22,000 users**, with **368 individuals** falling victim to unauthorized transactions totaling **243 million won (≈$180,000 USD)**. Further scrutiny revealed that **94 KT servers** were infected with **over 100 types of malware**, underscoring systemic security failures in the company’s femtocell management. Regulators concluded that KT neglected its obligation to provide secure telecommunications services, ordering the company to submit **detailed prevention plans** by June 2026 for compliance review. Authorities also urged mobile operators to **rotate authentication server addresses regularly** and **block illegal network access** to mitigate future risks. While some hacking techniques resembled a prior breach at **SK Telecom**, no direct link between the two incidents has been established. KT acknowledged the findings, pledging **compensation for affected users** and **enhanced security measures** rather than contesting the results. In a separate case, **LG Uplus** is under police referral after investigators discovered that compromised servers were discarded, preventing a full technical analysis. The South Korean government emphasized that **robust cybersecurity is now a national priority**, particularly as the country seeks to solidify its position as a global leader in AI and digital innovation.