(CNN) -- Police have arrested two people in connection with a cyber-attack that yielded personal details for 12 million customers of one of South Korea's biggest phone companies.
One of the suspects, identified only by the surname Kim, used his own customized hacking program to break into the computer system used by KT Corp, Incheon Metropolitan Police Agency Commissioner Lee Sang-Won said in a statement obtained by CNN Thursday.
Kim, whom police said was 29 year old, accessed bank details, home addresses and employment information for three-quarters of KT's 16 million registered users. This data was sold on to a 37-year-old man identified only as Park. The owner of a telemarketing business, Park used this information to sell cell phones posing as a KT representative, police said.
The two made 11.5 billion won (US$10.8 million) from the scheme, which dated back to February 2013, police added.
A third person initially implicated in the case was released.
The investigation is now expanding to other hacking activities and other cell phone sales stores.
KT said in a statement that it would actively cooperate with the police investigation to "minimize the damage to its customers," and "figure out the route of information leakage."
Credit card scam
In January this year, the personal data for 20 million South Korean credit card customers was stolen by a worker at the Korea Credit Bureau -- a company that offers risk management and fraud detection services.
The worker, who had access to various databases at the firm, is alleged to have secretly copied data onto an external drive over the course of a year and a half.
Clients of three Korean companies -- KB Kookmin Bank, Lotte Card and Nonghyup Bank -- were hardest hit by the data theft.
Following this leak, financial regulators have been working to revise legislation to beef up the protection of personal information, the Yonhap news agency reported.