Over 9,200 SKT users file lawsuits over USIM data leak
In the wake of a major data breach involving SK Telecom's universal subscriber identity module, a group of 9,213 users has filed lawsuits, each seeking damages of 500,000 won ($360), citing gross negligence and violation of personal data protection obligations.
The legal team representing the plaintiffs held a press conference Friday, stating that the case goes beyond a typical privacy breach and represents a "foreseeable disaster" caused by SK Telecom's failure to uphold its legal responsibilities as a telecom service provider.
'This incident is not merely about leaked personal information,' the lead attorney said. 'It is a result of SK Telecom's clear violation of its duty to implement proper safeguards and report security incidents promptly. The harm was both preventable and foreseeable.'
According to the legal team, victims are suffering from heightened anxiety and inconvenience due to the possibility of their identities being misused for criminal activities through cloned USIMs. Some users have had to replace their USIM cards and have experienced disruptions in financial services.
'The breach has caused serious disruptions to daily life and constitutes a grave infringement of the constitutional right to informational self-determination,' the attorney said.
The law firm is demanding that SK Telecom publicly acknowledge its failure to protect customer data, issue a sincere apology to all affected users, disclose the full extent of the data compromised and clarify whether the USIMs' secret encryption key was also leaked. Additionally, it is calling for 500,000 won in compensation per person and concrete measures to prevent secondary damages.
The firm also urged government regulators to implement stronger oversight of telecom companies' key servers and to take substantive steps toward systemic improvements.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Korea Herald
26-05-2025
- Korea Herald
After SKT data hack, no. of malicious apps trying to hack devices spikes
Increasing number of hacking apps pretend to be Korea Consumer Agency, suspected to be 'organized distribution' South Korea is seeing an increasing number of malicious mobile applications disguised as state or private consumer rights agencies, in the aftermath of a massive hacking attacks against SK Telecom. Local cyber security company Everspin said Monday that its Fake Finder service that detects malicious apps has found a substantial increase in programs distributed under pretense of helping consumers, who were affected by the recent data breach made public on April 22. Detections of fake apps falsely named the government-affiliated Korea Consumer Agency had been fluctuating to peak at just under 400 times in April, but the number spiked as high as 671 times between May 11 and May 18. The fake apps used in voice phishing in which victims are told their devices have been hacked via phone and text message, and are encouraged to install the malicious applications as a remedy. The attacks involve fake apps, including one carrying the name of SK Shielders, a cybersecurity company that is part of the SK Group and controlled by the SK Telecom. According to Everspin, four different malicious fake apps have been used to illegally obtain personal information, one of which was designed to intercept calls made to financial authorities and police. "Apps similarly named to (actual companies and government agencies) have been consistently detected in the past, but the recent numbers clearly indicate an organized distribution riding on a certain social issue," the security company said. IIn one of the largest consumer data breach cases in Korean history, SK Telecom's systems have been breached by yet-unidentified group of hackers since June of 2022. It is thought that 9.82 gigabytes of sensitive SIM-related data related to well over 20 million users have been stolen by the hackers.
Korea Herald
26-05-2025
- Korea Herald
Investigation into SK Telecom data breach expands to KT, LG Uplus: sources
A joint government-private investigation team looking into SK Telecom Co.'s recent large-scale data breach has extended its probe to the servers of two other major mobile carriers, KT Corp. and LG Uplus Corp., but found no signs they have been compromised, industry sources said Monday. Initially, the team had asked local telecommunications and platform companies to conduct their own cybersecurity inspections. However, the approach was revised last week amid growing concerns that hackers using BPFDoor malware variants may have also targeted other South Korean mobile carriers, according to the sources. Following the expanded investigation, no traces of hacking activity have yet been found on the servers of KT or LG Uplus, they added. In a media briefing last week, the investigation team revealed interim findings indicating that 25 malware variants had been discovered on 23 servers belonging to SK Telecom. These included 24 variants of the BPFDoor malware and one variant of WebCell. Two of the affected servers had been used as temporary storage for personal data, such as names, birthdates, phone numbers and email addresses, as well as international mobile equipment identity data. The IMEI is a unique identifier for each device on a network and could potentially be exploited in financial transactions. SK Telecom discovered the breach April 18. (Yonhap)
![[Exclusive] No agents' phones affected by SKT hack to date: NIS](/_next/image?url=https%3A%2F%2Fwimg.heraldcorp.com%2Fnews%2Fcms%2F2025%2F05%2F22%2Frcv.YNA.20250520.PYH2025052011090001300_T1.jpg&w=3840&q=100)
Korea Herald
22-05-2025
- Korea Herald
[Exclusive] No agents' phones affected by SKT hack to date: NIS
Spy agency working with US, UK counterparts to track perpetrators behind hack of country's largest mobile operator No mobile phones used by officials working in the government's major security departments have been affected by the SK Telecom hack so far, according to a National Intelligence Service document seen exclusively by The Korea Herald. In the document dated Thursday, the NIS said no official phones used at the five government departments and agencies -- the NIS, Ministry of National Defense, Ministry of Foreign Affairs, Ministry of Science and ICT and the Presidential Security Service -- have suffered a data breach or other security incidents since the hack of the country's largest telecom provider first surfaced last month. Although no security incidents involving official phones have been detected to date, the NIS said it was monitoring for the possibility. According to the NIS, SK Telecom has been the sole manufacturer of official phones used by the South Korean government since April 2020. In the document, the spy service concluded that the security functions of the officials' phones should not, in principle, be affected by the SK Telecom hack. However, the NIS admitted that official phones, which have higher protection than normal phones, could be subject to universal subscriber identity module card duplications. To prevent possible security breaches, all of the official phones have been subscribed to SK Telecom's USIM protection services as of April 29, the NIS said. USIM cards on the official phones were also being replaced with new ones. The NIS said it was working closely with its counterparts in the US, UK and Singapore to identify the perpetrators behind the telecom hack.
