Customer trust is being actively contested among the three leading telecom operators in South Korea after they each suffered data security breaches in 2025.
KT, SK Telecom and LG U+ are no longer competing only on subscription price and network coverage, but on who can offer the most appealing compensation packages while demonstrating accountability and customer care.
The telcos are jostling for the top position in market share, as KT holds around 19 percent, while SK Telecom and LG U+ each hold around 17 percent, according to statistics from the Korea Telecommunications Operators Association.
The cyber attacks have sharpened that competition, turning security lapses into a direct driver of customer churn.
Trust Becomes the Battleground as Security Breaches Drive Customer Reshuffle
KT found in September 2025 that unregistered devices had accessed its internal network and leaked 22,227 subscriber identification numbers, terminal identification numbers, and phone numbers. This resulted in 368 customers losing ₩243MN ($168,000) in small payment scams.
Inspections of the network confirmed that 94 servers were infected with 103 different types of malware, according to an investigation by South Korea’s Ministry of Science and ICT.
The ministry found that KT failed to have adequate security measures in place and ordered the company to exempt customers from early contract termination fees:
“The government determined that the penalty exemption provision could be applied, taking into account the fact that KT was found to have been negligent in the KT breach and that KT failed to fulfill its primary obligations under the contract.”
KT customers who exit their mobile service contracts before January 13 will be able to claim a refund of the termination fee between January 14 and January 31, the telecom operator said.
But to encourage customers to stay after January 13, KT is offering five loyalty deals.
All existing customers will automatically receive 100GB of data per month from February to July. They’ll be able to apply for a free six-month subscription to one of two online video streaming services, six months of discounts on popular KT membership brands, and two years of free safety insurance, “to compensate for damages from cyber financial crimes.” Customers aged 65 and over will receive the insurance automatically. KT will also automatically provide 50 percent additional roaming data from March to August to customers who sign up for joint roaming.
If a customer who canceled their subscription during the penalty exemption period between September 1, 2025 and January 13, 2026 re-enrolls, KT will reinstate their existing long-term benefit coupon and membership level.
KT has pledged to invest over ₩1TRN ($690.5MN) over the next 5 years in information security “to further strengthen its responsibility and obligation to protect customer information as an AICT company handling large amounts of customer information in the AI era.”
However, when customers are finally given frictionless permission to leave, through waived penalties, they do so quickly and decisively if confidence is already broken.
More than 107,499 customers left KT from December 31, when it announced the penalty exemption, up to January 6, according to telecom industry data cited by local media reports.
Most of those customers, around 64 percent, switched to SK Telecom, 23.54 percent moved to LG U+ and 12.6 percent headed to mobile virtual network operators (MVNOs).
The high demand for phone number transfers disrupted the portability processing on January 5-6, delaying some customers from making the switch. That could see the numbers rise further in the coming days.
Rival Telcos Tackle Security Lapses Even as They Court KT Customers
SK Telecom and LG U+ have been competing aggressively to woo KT customers with sales incentives. They have also been trying to retain customers after their own cyber attacks.
In July 2025, an anonymous informant tipped off the Korea Internet & Security Agency (KISA) about a data leak from LG U+’s Integrated Server Access Control Solution (APPM), which manages and issues system account passwords, according to the statement from the Ministry of Science and ICT. The telco didn’t report the breach until October 23, by which time it had already re-installed the server. The incident is under investigation by the National Police Agency.
In April 2025, SK Telecom reported a security breach after discovering unusual traffic patterns on its network. An investigation found that the personal records of around 23 million customers, including phone numbers, International Mobile Subscriber Identity (IMSI) data and 23 different types of Universal Subscriber Identity Module (USIM) identifiers, had been compromised. Four types of the customer information that was exposed could be potentially used for SIM cloning.
The country’s Personal Information Protection Commission (PIPC) fined the carrier a record ₩134.8BN ($93.17MN) in August, stating that:
“SKT’s personal data processing practices and compliance status were vulnerable enough to be attacked due to complacency.”
The PIPC said SK Telecom fell short on several basic security fronts, pointing to weak access controls, unencrypted USIM authentication keys, and slow notification to customers affected by the breach.
The PIPC further ordered SK Telecom to pay ₩300,000 ($207) each to 3,998 customers who filed applications for dispute mediation after April 2025.
The Ministry of Science and ICT stated that it plans to take disciplinary action against KT for violating the Information and Communications Network Act by failing to report the security breach within 24 hours of becoming aware of it.
Authorities are also investigating whether “there was an intention to obstruct the government investigation.” KT will have to submit an implementation plan to the ministry detailing how it intends to prevent future attacks.
SK Telecom has been trying to make amends to customers, stating on January 7:
“Since the cyberattack that occurred last year, SK Telecom has been working to restore customer trust in various areas, including strengthening information security, customer protection, and customer compensation, through the implementation of the “Responsibility and Promise” program.”
Like KT, SK Telecom offered customers a compensation package for staying with its service after the breach.
Around 24 million subscribers who stayed received a 50 percent discount on their August mobile bill. The telco also offered an extra 50GB of data per month for five months, free SIM card replacements and SIM protection for all customers, and membership discounts with retail stores. The company waived the contract termination penalty fees for customers who decided to leave the service between April and July 2025.
SK Telecom is offering a “re-subscriber benefit” that will restore the subscription period and membership program level prior to cancellation for customers who canceled in response to the security breach and return within 36 months.
The telco conducted a customer survey from January 2-5 to find which compensation deal was the most effective. Asked to select up to two offers they felt were “the most sincere and provided the most tangible compensation,” 68.7 percent of respondents opted for the 50 percent bill discount, while 49.5 percent chose the additional 50GB of data. The free SIM replacement was popular among 36.6% percent, 29 percent chose the partner discounts and 16.2 percent gave credit for the cancellation fee waiver.
Following the sanctions by PIPC, SK Telecom has also vowed to improve its security systems to protect customer data and encourage loyalty.
“For nearly six months, SKT has been working to restore customer trust through various rewards programs. Going forward, SKT will continue to prioritize its customers and dedicate itself to providing even safer mobile communication services and products.”
Authorities Urge Data-Heavy Businesses to Strengthen Customer Protections
PIPC stated that its record fine on the telco “serves as a wake-up call for the importance of personal data protection.”
“The sanctions, in particular, will prompt businesses to have a sense of urgency for strengthening their personal data management systems and implementing preventive measures.”
“[T]he PIPC plans to enhance its management and oversight roles for businesses that process vast amounts of personal data, aiming to prevent a similar data breach from occurring.”
Haksoo Ko, Chair of the PIPC, added: “Taking this opportunity, large-scale personal data processors should invest in personnel and allocate more budgets for data protection and privacy by bringing in a shift in their perspectives that it is not just an expenditure, but an investment required for their operations.”
As South Korean telecom customers weigh where they feel safer, it’s clear that security failures now translate directly into customer experience failures, and the cost goes beyond fines and remediation budgets to customer losses. In markets becoming sensitized to security risk, customer data protection will become a key differentiator.
