South Korea’s telecom company LG Uplus has acknowledged a data breach after detecting signs of unauthorized access to its internal network, adding to a growing number of cyberattacks targeting major operators in the country this year. The company submitted a report to the Korea Internet and Security Agency following detection of potential intrusion, though it has not yet released a full investigation timeline or confirmed the scope of the compromise.
According to the investigation alert, LG Uplus identified irregular activity that prompted the filing, and industry sources indicated that this alert followed a white-hat researcher’s disclosure in July of suspicious server access. Although LG Uplus initially notified authorities that it found no concrete evidence of a breach in August, the more recent filing suggests that the situation has been re-evaluated and that the company is treating it as a formally recognized incident.
According to hacking publication Phrack, the attackers had infiltrated LG Uplus’s intranet and accessed data from approximately 42,000 customer accounts and 167 employees, though LG Uplus has not verified those numbers publicly. These claims emerged alongside similar breaches involving other major carriers such as SK Telecom and KT this year.
LG Uplus said it continues to investigate the breach, working with authorities and preparing to share findings once it completes its internal review. At present, the company has not commented on whether operational services were impacted or whether any data has been published or used maliciously. It remains unclear whether the intrusion involved ransomware or extortion demands.
This incident stands out because it follows two earlier major breaches in South Korea’s telecom sector. Earlier this year, SK Telecom reported a substantial data theft affecting subscriber authentication keys, and KT disclosed unauthorized mobile payments affecting hundreds of users. Together, these incidents signal a broader trend of attackers targeting telecommunications networks and back-end infrastructure.
The data reportedly accessed by attackers in the LG Uplus incident is especially concerning because customer account information and employee records carry high risk for identity theft, fraud, and social engineering attacks. While LG Uplus has yet to confirm what exactly was taken, the leak of account credentials and personal information has serious implications for both individuals and the telecom provider.
In response, LG Uplus is expected to increase its cybersecurity measures, enhance monitoring of its networks, and potentially review access controls for internal systems. The company has also faced scrutiny in the South Korean National Assembly, where officials questioned its delay in reporting and raised concerns that critical evidence might have been altered or removed following the initial alert.
As the investigation proceeds, LG Uplus and its regulators face pressure to determine how the attackers gained access, whether other systems were affected, and whether the breach represents part of a coordinated campaign against the country’s telecom infrastructure. This case highlights how interconnected and sensitive modern telecommunications networks are and how increasingly attractive they have become as targets for cybercriminals.