LG Uplus to invest $77.3 million annually against data theft

South Korea’s third-largest mobile carrier LG Uplus Corp. will spend 100 billion won ($77.3 million) a year to enhance data security about a month after 290,000 of its customers’ personal information was hacked, and come up with compensation measures for the affected customers.

“We sincerely apologize to our customers and business owners who have suffered due to the personal data leaks and network disruptions,” LG Uplus Chief Executive Officer Hwang Hyeon-sik said in a press conference on Thursday. “The incident happened because we failed to focus on the fundamental aspect of the telecommunications business, which is security.”

Hwang vowed to triple the company’s annual investment to 100 billion won to reinforce data security and improve network quality, immediately starting this year, as part of the company's measures to beef up data and network security against cyberattacks and personal information theft.

It will also place its chief executive security officer (CISO) and chief privacy officer (CPO) under the CEO’s direct supervision and hire security experts with different specialties as part of its security division reorganization plan.  

It will closely work with outside cybersecurity experts and form a data protection committee composed of those from security consulting firms and institutions, as well as academia. It will also develop quantum cryptography technology and seek to invest in or acquire digital security companies with better cybersecurity technologies.

The affected customers will have free replacements of their sim cards and free spam call detection service as part of the company’s compensation measures, which will be announced in detail later.

A MONTH AFTER THE DATA LEAKAGE

In early January, an anonymous hacker tried to sell the personal data of about 20 million LG Uplus customers, including mobile numbers, names, addresses, emails, smartphone device numbers (IMEI) and sim card numbers. The hacker claimed to obtain the data of some 30 million customers of Korea’s No. 3 mobile carrier.

Immediately after the claim, LG Uplus admitted to the hacking but said about 290,000 customers’ personal information was leaked, not 30 million. Police, Personal Information Protection Commission and the Korea Internet & Security Agency are jointly investigating the leak.

About a month after the data theft, LG Uplus experienced five massive network disruptions due to distributed denial-of-service (DDoS) attacks on Jan. 29 and Feb. 4.

In response, the company built a stronger firewall on Feb. 5 and has not experienced any network shutdown despite constant cyberattacks since then, said Kwon Jun-hyuk, head of the LG Uplus network unit.

Write to Seung-Woo Lee at leeswoo@hankyung.com

Sookyung Seo edited this article.