According to the CNN, one of the arrested men, a 29-year-old surnamed Kim, was a hacker who broke into the company's computer system with customized hacking software and extracted customer information such as names, resident registration numbers and bank account information.
The initial breach apparently happened in February 2013, and he has been extracting the data ever since. He allegedly sold it to a 37-year-old man surnamed Park, a telemarketing business owner that used the information to credibly impersonate a KT Corp. employee in order to sell cell phones.
Another man has been arrested but almost immediately released.
Apparently, in the last year, they managed to earn themselves nearly $11 million through this scheme.
KT is cooperating with the police as the investigation continues, and will be forced to set up a website its users can visit to check whether their information has been compromised, the Yonhap News Agency reported.
The South Korean Ministry of Science, ICT and Future Planning is warning potentially affected users to be on the lookout for phishing emails impersonating the company and taking advantage of the situation to make them share more personal details.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.