The government is calling on the nation’s second-largest mobile carrier, KT, to waive fees for all users who wish to terminate their contracts with the company following a security breach that resulted in a series of unauthorized mobile payments.

Announcing the outcome of a joint government-civilian investigation on Monday, the Ministry of Science and ICT concluded that KT’s failure to fulfill its contractual obligations constitutes grounds to demand that it waive its cancellation fees.

KT’s 94 servers were infected with 103 types of malware and it took longer to determine the scope of the damage because the company failed to report the detection of infected servers in March 2024, and because it deleted malware from 41 servers in an attempted cover-up.

The investigators confirmed that the mobile numbers, international mobile subscriber identity numbers and international mobile equipment identity numbers of 22-thousand-227 users were compromised after an illegal femtocell accessed KT’s internal network.

Femtocells are small base stations designed for use in homes or businesses.

The illegal access also resulted in unauthorized micropayments totaling 243 million won, or around 169-thousand U.S. dollars, affecting 368 users.

The investigative team asked KT to improve its security management to prevent a recurrence, such as regularly changing the authentication server’s IP address and developing a system to detect and block access attempts by unauthorized femtocells.

The ministry will require KT to submit a prevention plan by January and intends to check the progress of the plan’s execution in June.