South Korea's leading mobile carrier, SK Telecom, has reported a suspected hacking attack targeting its Universal Subscriber Identity Module (USIM) system to the relevant authorities, raising concerns about the potential leakage of personal information belonging to its 23 million subscribers.
On April 22nd, SK Telecom announced that it had detected signs of a malicious code infiltrating its internal systems around 11 PM on April 19th. The company suspects that this intrusion may have led to the leakage of some information related to user USIMs. Upon identifying the potential breach, SK Telecom stated that it immediately removed the malicious code and isolated the equipment suspected of being compromised. Currently, the exact cause, extent, and specific items of the potential data breach are under thorough investigation.
Following the discovery of the suspected breach, SK Telecom promptly reported the incident to the Korea Internet & Security Agency (KISA) the next day. The company also notified the Personal Information Protection Commission (PIPC) about the potential leakage of personal information and pledged its full cooperation in the ongoing investigation. While SK Telecom has stated that no instances of the leaked information being misused have been discovered yet, the potential for widespread impact remains significant as investigations into the hacking incident affecting users and systems are underway.
SK Telecom intends to immediately suspend services and provide guidance to users if any suspicious activity is detected. Additionally, the company is offering a free USIM protection service (skt.sh/nUO7D) through its website and T World platform for users who wish to enhance their security measures.
This suspected hacking incident at SK Telecom marks the first large-scale personal data breach involving a major telecommunications company in approximately two years and three months. In January 2023, LG Uplus suffered a cyberattack that resulted in the personal information of around 290,000 customers being leaked onto illegal trading websites. The compromised data included 26 items such as names, phone numbers, addresses, dates of birth, email addresses, IDs, and unique USIM numbers. The PIPC subsequently imposed a fine of 6.8 billion won on LG Uplus for its responsibility in the incident. Previously, KT also experienced significant data breaches, with 8.73 million customer records compromised in a server hacking in 2012 and another 12 million through a customer service website hack in 2014.
Considering the gravity of the potential data breach, the Ministry of Science and ICT (MSIT) has formed an emergency response team and launched a full-scale investigation. The PIPC has also stated that it will thoroughly investigate the specifics of the leakage, the extent of the damage, and whether SK Telecom has fulfilled its obligations regarding security measures under the Personal Information Protection Act. The commission emphasized that it will take strict action in accordance with relevant laws if any violations are identified.
These successive personal data breaches at telecommunications companies underscore the critical importance of personal information protection in the digital age. They highlight the need for усиление security systems by corporations and stronger regulations and oversight by the government.
[Copyright (c) Global Economic Times. All Rights Reserved.]
