LG Uplus, a major South Korean mobile carrier, reported a possible data breach after a U.S. cybersecurity outlet, *Phrack*, claimed a hacking group infiltrated its internal network. The breach allegedly involved the compromise of 8,938 servers, 42,256 accounts, and 167 employees' data. While LG Uplus initially denied any evidence of a breach following an internal inspection in August, the company later filed a proactive report to the Korea Internet and Security Agency (KISA) to address public concerns and potential misunderstandings. The incident was disclosed after the company’s president, Hong Bum-shik, mentioned it during a parliamentary audit, emphasizing the need for transparency despite the lack of confirmed data exfiltration. The breach, if validated, could expose sensitive internal employee data and customer account information, raising significant operational and reputational risks.
Source: http://world.kbs.co.kr/service/news_view.htm?lang=e&Seq_Code=196857
TPRM report: https://www.rankiteo.com/company/lg-uplus
"id": "lg-0262902102325",
"linkid": "lg-uplus",
"type": "Breach",
"date": "8/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Telecommunications',
'location': 'South Korea',
'name': 'LG Uplus',
'size': 'Large (major mobile carrier)',
'type': 'Telecommunications Provider'}],
'data_breach': {'data_exfiltration': 'Claimed by Phrack (unverified by LG '
'Uplus)',
'number_of_records_exposed': ['42,256 accounts (claimed)',
'167 employees (claimed)']},
'date_publicly_disclosed': '2023-10-19',
'description': "LG Uplus, one of South Korea's major mobile carriers, "
'reported a possible data breach after a U.S. cybersecurity '
'outlet, Phrack, claimed a hacking group infiltrated its '
'internal network and seized data from 8,938 servers, 42,256 '
'accounts, and 167 employees. The company initially found no '
'evidence of a breach during an internal inspection in August '
'but decided to report the case proactively to ease public '
'concern and clarify misunderstandings. The announcement '
"followed LG Uplus President Hong Bum-shik's statement during "
"a parliamentary audit, where he mentioned the company's "
'obligation to report only after confirming a cyber '
'infringement.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'public disclosure of suspected breach',
'systems_affected': ['8,938 servers (claimed)']},
'initial_access_broker': {'high_value_targets': ['Internal network',
'Servers',
'Employee/Account data '
'(claimed)']},
'investigation_status': 'Ongoing (no evidence of breach found as of August '
'internal inspection; proactive report filed)',
'references': [{'source': 'YONHAP News'},
{'source': 'Phrack (U.S. cybersecurity outlet)'}],
'regulatory_compliance': {'regulatory_notifications': ['Korea Internet and '
'Security Agency '
'(KISA)',
'ICT Ministry '
'(notified in '
'August)']},
'response': {'communication_strategy': 'Proactive public disclosure to ease '
'concerns and clarify '
'misunderstandings',
'incident_response_plan_activated': 'Yes (internal inspection '
'conducted in August)'},
'threat_actor': ['Unnamed hacking group (as reported by Phrack)'],
'title': 'Possible Data Breach at LG Uplus',
'type': ['Data Breach (unconfirmed)', 'Network Intrusion']}