Data Breach Causes Phone Company's Stock to Plunge
CREDIT: KT Corporation
Most companies that suffer data breaches don't incur any permanent damage from the incidents, even if customers have their personal information exposed to identity thieves.
That may be changing, if the experience of a big South Korean telecommunications company is any indication.
Shares of KT, formerly Korea Telecom, fell 3 percent on the Korea Exchange and the New York Stock Exchange today (July 30), the day after police announced the arrests of two men suspected of stealing the personal data of 8.7 million KT customers.
The two men began hacking into KT's customer database in February and sold the purloined personal information to unscrupulous telemarketers, an official with the National Police Agency's cybercrime team told the Yonhap news agency.
"It took nearly seven months to develop the hacking program and [the suspects] had very sophisticated hacking skills," the unnamed official said.
Police estimate the pair made about 1 billion won, or $879,000, from the scheme.
Seven other men were arrested for buying the stolen information, which they used to identify KT customers whose mobile-phone contracts were about to expire.
"KT is a company that brings laughter, and tells touching stories that will move you to tears," reads a public-relations statement on the company's English-language website.
Following the news of the arrests, KT's stock opened sharply down in New York this morning and barely rose all day. In Busan, home of the Korea Exchange, the stock opened down and dipped further before regaining some ground.
"The data leakage news is hurting investors' sentiment today," a Korean financial analyst told Bloomberg News.
Security experts were dismayed in early June, when LinkedIn's stock rose following a data breach that exposed the passwords of 6.4 million customers.
The business-networking website was found to be using an outdated method of encrypting its passwords, which were easily "cracked" after being posted on hacker forums, and to have no chief security officer.