Hackers have accessed the personal details of 8.7 million mobile phone subscribers to South Korea's second largest telecommunications company.
Police have arrested two people for allegedly hacking into the network system of KT Corporation, formerly Korea Teleco, and selling the data.
The suspects are believed to have stolen the personal information of more than half of KT's 16 million subscribers since February, according to local reports.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
South Korea's National Police Agency's cyber terror response team said seven others were charged with buying the leaked data for telemarketing purposes.
Police suspect the telemarketers used the data to contact customers whose contracts were close to expiration or were considered likely to change mobile phone plans.
"It took nearly seven months to develop the hacking program and (the suspects) had very sophisticated hacking skills," an official at the cyber response team is quoted as saying.
KT has apologised for the data breach, saying it has taken steps to prevent further leakage.
"In light of this incident, we will strengthen the internal security system and raise awareness of security among all employees to prevent causing inconvenience to customers," the company said.
Highlighting the reputational damage caused by data breaches, market commentators have said angry subscribers may mount a class action lawsuit against the company.
The KT data breach comes a year after a spate of hacking attacks which targeted South Korean government departments, financial firms and a social networking site and web services portal run by SK Telecom.
In the worst breach in South Korea to date, hackers accessed 35 million user accounts in the attack on SK Telecom, which has links to the state monopoly phone company, Korea Telecom.
The breach was revealed by the Korean Communications Commission, which claimed to have traced the source of the incursion back to computer IP addresses based in China.