South Korean carrier LG Uplus reports server breach to authorities

LG Uplus officially reported a server hacking incident to the Korea Internet & Security Agency (KISA) on October 23, 2025—three months after KISA first alerted the company to possible compromise in July—following pressure from lawmakers during a National Assembly audit[2][4]. In response, the Ministry of Science and ICT has launched an on-site investigation to determine if sensitive data, including credentials for 42,256 accounts and personal information of 167 employees, was exposed, as reported by Phrack magazine and verified by cybersecurity sources[3][4]. CEO Hong Bum-shik stated, “[We] plan to take a more proactive stance” after initially claiming there was “no evidence of a cyber breach,” reflecting a shift driven

In the latest development, LG Uplus has officially reported a suspected server breach to the Korea Internet & Security Agency (KISA), marking the third major South Korean telecom operator affected by cyber incidents this year. This move comes after pressure from the National Assembly and amid concerns over leaked internal data, with estimates suggesting around 42,256 account credentials and personal information of 167 employees may have been compromised. The government is now working closely with LG Uplus to investigate the extent of the breach and determine whether personal or corporate data was exposed[1][2][3].

Following LG Uplus’ disclosure of a cyberattack compromising 9,000 servers and 42,000 customer accounts, its stock price experienced a sharp decline, falling approximately 3.5% on the day the breach was reported to the Korea Internet and Security Agency (KISA) on October 23, 2025. Market analysts attributed the drop to growing investor concerns over escalating cybersecurity vulnerabilities in South Korea’s telecom sector, especially after similar breaches at SK Telecom and KT Corporation this year[1][2]. Despite the setback, LG Uplus has pledged to bolster its cybersecurity investments, including a recent $80 million commitment, aiming to restore investor confidence amid ongoing scrutiny[6].

## Breaking News Update: LG Uplus Server Breach – Global Impact & International Response **October 29, 2025** South Korean telecom giant LG Uplus has confirmed a major server breach, with attackers reportedly stealing credentials from its security contractor, SecureKey, and gaining access to 8,938 servers—compromising 42,526 account credentials and personal data of 167 employees, according to the company’s latest incident report[5]. Industry experts and global cybersecurity watchdogs are raising alarms, noting this marks the third major breach among South Korea’s “big three” carriers in six months, signaling potential systemic vulnerabilities in Asia’s advanced telecom infrastructure that could have ripple effects for international partners and customers[7][

LG Uplus has officially reported a major cyberattack to South Korean authorities, revealing that hackers accessed approximately 8,938 servers and leaked data from about 42,000 customer accounts and 167 employees. This breach follows similar incidents at SK Telecom and KT Corp., marking a third significant security lapse among the country's leading telecom operators in 2025, intensifying competitive pressures around cybersecurity and customer trust in the fiercely contested South Korean telecom market[1][2][11]. Lawmakers have criticized LG Uplus for delayed reporting and possible evidence tampering, which may affect its market reputation compared to its rivals who faced breaches earlier this year but took swifter public action[3][5][13].

South Korean experts condemned LG Uplus for its delayed breach report, highlighting serious security flaws including unencrypted passwords and a backdoor bypassing two-factor authentication, which allowed attackers to access 8,938 servers and compromise 42,256 account credentials along with data of 167 employees[3][2][10]. Industry analysts criticized LG Uplus’s initial denial and alleged evidence tampering, such as server updates or discards post-warning, calling for thorough forensic investigations to assess full breach impact amid rising telecom cyberattacks in South Korea[3][5][12]. Lawmakers likened the vulnerabilities to "writing a safe’s combination on a sticky note," underscoring the urgent need for robust internal security reforms across the sector[3].

South Korean carrier LG Uplus reported a significant server breach to the Korea Internet & Security Agency (KISA) on October 23, 2025, following detection of suspicious activity dating back to July. Attackers exploited stolen credentials from LG Uplus's external security contractor, SecureKey, to infiltrate about 8,938 servers, compromising 42,256 customer accounts and data of 167 employees, mainly through vulnerabilities in the APPM (Account Privilege and Password Management) system managing internal credentials[2][7]. Technical flaws included backdoors, plain-text passwords in source code, and a bypass of two-factor authentication, enabling remote hijacking of administrator privileges and raising serious concerns about internal network security[3].

**Breaking News Update**: South Korean carrier LG Uplus has reported a significant server breach to authorities, marking the third major telecom operator in the country to face a cybersecurity incident this year, following similar breaches at SK Telecom and KT. This breach underscores a competitive landscape shift where cybersecurity is becoming a critical differentiator among telecom operators, with LG Uplus now under scrutiny for its handling of digital security threats. As all three major carriers face data security incidents, the industry is experiencing heightened scrutiny and potential regulatory actions.

South Korean carrier LG Uplus reported a cyberattack involving the breach of 8,938 servers, with data from approximately 42,256 customer accounts and 167 employees allegedly stolen, marking a major hack confirmed by cybersecurity experts and reported to the Korea Internet & Security Agency (KISA)[2][6][9]. Industry analysts highlight that this breach, following similar attacks on SK Telecom and KT, signals a concerning escalation targeting telecom infrastructure beyond just customer data, with some lawmakers accusing LG Uplus of potentially erasing evidence by discarding related servers after being warned of the intrusion[5][12]. Experts warn that these incidents demonstrate growing sophistication in attacks on South Korea’s telecom networks, prompting calls for stronger cybersecurity measures across the sector[5].

South Korean telecom giant LG Uplus officially reported a major server breach involving nearly 9,000 servers and over 42,000 compromised account credentials, including personal data of 167 employees, to the Korea Internet & Security Agency (KISA) after months of denials[2][4][6]. This incident marks the third significant data breach among South Korea’s top carriers this year, following SK Telecom and KT, raising concerns internationally about the security of critical telecommunications infrastructure and prompting calls for tighter cybersecurity collaboration across borders[4][9]. In response, global cybersecurity experts and watchdogs are intensifying scrutiny of South Korea’s telecom sector, while LG Uplus has committed to bolstering defenses with an $80 million investment, signaling an urgent need

Breaking News: Following the recent server breach disclosed by LG Uplus, all three major South Korean telecom operators—LG Uplus, SK Telecom, and KT—have now faced significant data security incidents in 2025. This series of breaches highlights escalating cybersecurity challenges in the industry, with LG Uplus reporting a breach affecting nearly 9,000 servers and 42,256 account credentials[1][2][4]. As a result, the government is urging telecoms to enhance their network security investments, with LG Uplus investing $80 million in cybersecurity efforts[8][9].

In a significant development impacting the competitive landscape in South Korea's telecom sector, LG Uplus has reported a server breach to authorities, marking the third major data security incident this year among the country's top carriers. This breach, which involved the compromise of nearly 9,000 servers and over 42,000 accounts, follows similar incidents at SK Telecom and KT, highlighting growing concerns about cybersecurity in the industry. As a response, LG Uplus is investing $80 million in cybersecurity measures, further emphasizing the need for enhanced security investments across the sector[1][2][8].

**October 28, 2025, SEOUL** — Following a wave of cyberattacks targeting South Korea’s telecom giants, LG Uplus on October 23 officially reported to the Korea Internet & Security Agency (KISA) that a hacker group reportedly compromised up to 8,938 servers, exfiltrating data from 42,256 customer accounts and 167 employees—marking the third major breach among the nation’s “Big Three” carriers this year, after SK Telecom’s April USIM data leak and KT’s August micro base station incident[2][7]. Industry sources say the attackers exploited credentials stolen from security contractor SecureKey, raising fresh concerns over systemic vulnerabilities in the nation’s telecom infrastructure and

In a significant development, LG Uplus has reported a server breach to South Korean authorities, marking the third major telecom provider to face a cyberattack this year, following SK Telecom and KT. This series of incidents has highlighted vulnerabilities in South Korea's digital infrastructure, with LG Uplus's breach allegedly involving data from nearly 9,000 servers and 42,000 account credentials[2][3][4]. The episode underscores the heightened cybersecurity challenges across the industry, leading to increased scrutiny and potential regulatory actions to enhance security measures.

South Korean carrier LG Uplus reported a server breach to the Korea Internet & Security Agency (KISA) on October 23, 2025, after initially denying any intrusion despite signs detected since July. The breach involved unauthorized access via stolen credentials from SecureKey, an external security contractor, compromising data from approximately 8,938 servers and exfiltrating 42,256 account credentials plus personal information of 167 employees. LG Uplus conducted password encryption updates and vulnerability checks post-alert but has yet to confirm the full scope or cause of the incident, raising concerns about potential evidence tampering after servers linked to the APPM system were reportedly updated or discarded[1][2][4][6][10].