
LG Uplus Discloses Ixio AI Call App Data Leak Affecting 36 Customers
LG Uplus, a South Korean telecommunications provider, reported a data leak on December 6, 2025, involving its AI-based call app, Ixio. A cache setting error during operational improvement work temporarily exposed call information of 36 customers to 101 other users. The exposed data included counterparty phone numbers, call times, and one-line call content summaries. The company proactively reported the incident to the Personal Information Protection Commission (PIPC) and emphasized it was due to human error, not hacking.
Signal context
First seen: Dec 6, 2025
Last updated: Jul 2, 2026
Status: Public signal
Key points
- LG Uplus disclosed a data leak on December 6, 2025, related to its Ixio AI call app.
- A cache setting error exposed call information of 36 customers to 101 other users.
- Exposed data included phone numbers, call times, and call content summaries.
Signal analysis
BetaThis analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.
Sector: Information
Likely country: Location not provided
Watch process controls, misconfiguration and accidental disclosure paths.
- Source type: outside the affected organization
Impact area: Confidentiality
Likely asset: User or customer data
- 23 signals in the same sector
- 88 signals with the same likely impact area
- 1 signal linked to this organization/domain
External sources
LG Uplus discloses Ixio call data leak affecting 36 customers - CHOSUNBIZhttps://biz.chosun.com/en/en-it/2025/12/06/BBL6KEXJYRAVZKE7VANMMWTWWI/Public source from biz.chosun.com.
Call data of 36 users on LG Uplus' AI call app leaked - The Korea Timeshttps://www.koreatimes.co.kr/business/companies/20251206/call-data-of-36-users-on-lg-uplus-ai-call-app-leakedPublic source from koreatimes.co.kr.
Related signals
Grouped by why the signal is relevant.
Kee Wah Bakery Hit by Ransomware Attack, Data Leak Fears Emerge
Hong Kong's famous Kee Wah Bakery revealed on June 22, 2026, that it was hit by a ransomware attack on its internal network. The incident, which caused network malfunctions last Friday (June 19), targeted systems containing employees' personal data, as well as information related to business partners, online store customers, and mobile app members. While the company could not confirm if data was extracted, it has engaged cybersecurity experts, notified the Office of the Privacy Commissioner for Personal Data and police on Sunday (June 21), and is contacting affected parties as a precautionary measure. No customer payment or credit card information was involved.
French Government Platform Jeveuxaider.gouv.fr Suffers Data Leak Affecting 550,000 Accounts
On June 16, 2026, the French government announced that its volunteering platform, Jeveuxaider.gouv.fr, had been a victim of a personal data leak affecting approximately 550,000 accounts.
Dutch hospitals restore digital access after cyberattack on ChipSoft
On June 12, 2026, reports indicated that Dutch hospitals were restoring digital access following a cyberattack on ChipSoft, a major healthcare software provider. The attack had previously caused patient files to become inaccessible at multiple locations, leading fifteen hospitals to preventively block all electronic patient information. This measure forced doctors to revert to paper records and oral transfers. While the incident was not a data leak in the traditional sense, it was a significant attack on the health infrastructure of the Netherlands, carried out through a single supplier serving numerous hospitals.
CTIVD: AIVD en MIVD verwerken persoonsgegevens in bulkdata onrechtmatig
The Dutch intelligence services, AIVD and MIVD, have unlawfully processed personal data in bulk datasets, according to a ruling by the Committee for the Supervision of the Intelligence and Security Services (CTIVD). The report, published on July 1, 2026, states that groups of employees had unauthorized access to personal data, and large quantities of data were stored for too long. The bulk datasets, sometimes containing millions of records, include names, phone numbers, location data, social media data, and communication content, sourced from government agencies, commercially available datasets, or stolen datasets offered by criminals. The CTIVD has issued thirteen recommendations to improve the situation.
STNet, Inc. Affected by KDDI Corporation Data Breach
STNet, Inc., a Japanese internet service provider, was impacted by a data breach originating from an email system provided by KDDI Corporation. Threat actors gained unauthorized access to this shared system by exploiting a vulnerability in third-party software. This led to the potential exposure of up to 14.2 million email addresses and passwords across all affected ISPs. STNet customers' email addresses and passwords may have been compromised.
eogb.co.uk Hit by Stormous Ransomware Group
eogb.co.uk, a UK-based organization, was claimed as a victim by the Stormous ransomware group. The incident was discovered on June 28, 2026, at 21:29 UTC, with deep access to Microsoft Dynamics GP, internal legal documents, partnership agreements, customer contracts, operational spreadsheets, financial reports, and executive documents.
