
SKT freezes new sign-ups, toughens consumer protection amid hacking fallout
SK Telecom said Friday it will suspend new subscriber sign-ups at its retail stores starting from Monday, to expedite USIM card replacements and to enhance customer protection in the fallout of a massive data leak from a recent hacking incident.
In a press briefing at the company's headquarters in downtown Seoul on Friday, CEO Ryu Young-sang announced that all 2,600 T World stores nationwide will halt receiving new subscriptions so the company can focus on replacing compromised USIM cards.
It will also stop mobile number portability services, which allows users to switch mobile network providers while retaining their phone number, until the USIM shortage eases.
Additionally, SK Telecom said it will compensate for losses incurred by the T World stores during this replacement period.
As for the detailed compensation plan, Ryu said it will be implemented after consulting with dealers. 'When looking at the distribution network, 350 of the 2,600 T World stores are directly operated by SK Telecom, and the rest are authorized dealerships. They are also small and-medium-sized enterprises, so asking them to stop taking new subscriptions could be a huge loss,' said Ryu.
However, the latest service halt does not extend to third-party retailers and online distributors, which are not under direct contract with the company.
The latest action is in response to the government's guidance issued the previous day, instructing SK Telecom to suspend new subscriptions until it resolves the USIM shortages for existing users and implement stronger corrective actions in response to the data breach.
SK Telecom, the country's largest mobile carrier with 25 million subscribers, serving nearly half of Korea's population, disclosed that it had experienced a cyberattack and subsequent data breach of customers' USIM data on April 18.
In response, the telecom giant said it removed the malware, isolated affected servers and enhanced security measures.
The company began offering free USIM chip replacements to all users on April 28, but it has been challenged due to overwhelming demand and a supply crunch, causing long lines at retail stores and system outages on its online reservation site due to high traffic.
The company has about 1 million USIM cards in stock, with plans to secure around an additional 5 million this month and another 5 million in June.
Amid the slow USIM swap rollout, the company said it will automatically enroll all customers into its USIM Protection Service without requiring a separate application.
The company asserts that the USIM Protection Service effectively blocks the use of illegally cloned USIM cards on other devices, providing the same level of protection as physically replacing the USIM.
As of Friday, 14.42 million people had joined the protection service, leaving out some 8.5 million others. The system can handle up to 1.2 million enrollments per day. The company plans to complete the process by May 14, with priority given to subscribers aged 75 or older and those with disabilities.
Following the hacking incident, SK Telecom is experiencing a massive user exodus to its main rivals, KT and LG Uplus.
According to the Korea Telecommunications Operators Association on Friday, more than 237,000 customers had switched from SK Telecom to other carriers, including KT and LG Uplus, in April alone, an 87 percent increase from March.
Amid growing calls to waive early termination fees for users, Ryu said the issue is still under review. 'The penalty fee is such a critical matter that the CEO cannot unilaterally decide, but must be approved by the board,' he said. 'We plan to have a board of directors discussion as soon as the internal legal review is completed.'

Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles


Korea Herald
13 hours ago
- Korea Herald
Lee Jae-myung's economic playbook: big spending, bigger control
Pro-spending aides take key economic posts as President Lee moves to centralize budget planning under presidential office President Lee Jae-myung has assembled a pro-spending economic team to spearhead his early policy agenda, while leaving the key post of finance minister vacant — a move widely seen as a strategic effort to weaken the Ministry of Economy and Finance and shift fiscal authority toward the presidential office to accelerate policymaking. The appointments of Kim Yong-beom as chief of staff for policy, Ha Joon-kyung as senior presidential secretary for economic growth, and Ryu Deok-hyun as presidential advisor for fiscal planning underscore this shift. All three support an expansionary fiscal policy, in line with Lee's vision of using public spending to drive structural reform and revive domestic demand. Lee has notably elevated the role of fiscal planning within the presidential office. Ryu's newly created post was upgraded from a low-level secretarial role under the Moon Jae-in administration to vice-ministerial rank. Coupled with the sidelining of the Finance Ministry in key appointments, the move signals the administration's intent to centralize control over economic policymaking. The presidential office described Ryu as someone who will "strengthen democratic oversight of fiscal policy" by restoring discipline within the ministry and mobilizing resources to fulfill Lee's campaign pledges. A professor at Chung-Ang University and former official at Korea's top public finance institutions, Ryu is known for his expertise in budgeting and fiscal reform. Ha's appointment also breaks with precedent. The role of senior economic secretary — traditionally held by finance ministry officials — now goes to the Hanyang University economics professor and former Bank of Korea economist. A longtime policy ally of Lee, Ha is considered a key architect of the president's economic agenda. His title was revised to include 'growth,' underscoring the administration's focus on recovery and long-term restructuring. Overseeing both is Kim Yong-beom, a seasoned economic policymaker who previously served as first vice finance minister, vice chair of the Financial Services Commission and senior economist at the World Bank. The presidential office highlighted his leadership during Korea's COVID-19 response, noting his role in crafting and implementing measures credited with swiftly stabilizing the economy during the crisis. Kim has outlined a vision for what he calls 'structurally transformative fiscal policy' — redirecting Korea's accumulated wealth into active circulation to spur consumption, employment and productivity. 'What we need now isn't just stimulus or tax cuts, but a structural shift in the economy,' he wrote in a recent social media post. This philosophy underpins the administration's first major economic initiative: a supplementary budget exceeding 20 trillion won ($14.7 billion). Framed as a recovery package for struggling households amid high inflation and weak demand, the funds are expected to be delivered mainly through government vouchers and other cash-based support. Experts caution that Lee's expansionary fiscal approach may offer only a temporary boost unless paired with reforms that address the root causes of Korea's weak domestic demand. Kim Jung-sik, emeritus professor of economics at Yonsei University, warned that the proposed supplementary budget could provide only a short-term lift. 'If most of the funds are channeled into local currency handouts, consumption may tick up in the short term, but there's a strong chance the government will be forced to repeat the exercise next year,' he said. 'The focus of fiscal policy should be not simply on disbursement, but on strategic allocation.' While fiscal expansion may be necessary, Kim stressed it must go hand in hand with structural reform to ensure long-term stability. 'The downturn is rooted in structural weaknesses,' he said. 'Treating only the symptoms — such as small business distress — without revamping institutional structures or Korea's industrial base will result in ballooning debt and mounting fiscal inflation.' In contrast, Myongji University professor Woo Suk-jin emphasized the importance of short-term recovery measures such as the supplementary budget, given Korea's grim outlook. 'When the economy is clearly deteriorating, the government's role becomes critical,' the economist said. 'Rather than intervening across the board, it must draw clear boundaries. Stimulus is an urgent task that must be addressed directly, but it should be paired with support from institutions equipped to guide long-term growth.' Woo also noted that fiscal expansion must be matched by efforts to bolster revenue. 'Eventually, the state will need to raise revenue — not by hiking tax rates, but by broadening the tax base through structural reforms,' he said. He also supported curbing the Finance Ministry's power, calling such a move 'in line with the principle of checks and balances.' 'The mega-ministry model may have once been efficient, but it no longer fits the current moment. What's needed now is a clear and transparent assessment of the fiscal landscape,' he said. Woo added that operational strength, and alignment with the president's new economic team, should be central to selecting the next finance minister. 'It's a misconception that only career finance officials can run the ministry,' he said. 'If the ministry is to be broken up, a capable technocrat — or even a politician — could be a viable choice.' The finance minister post has remained vacant since Choi Sang-mok stepped down on May 1. While the ministry has long dominated Korea's economic policymaking, Lee is seeking to carve out its budgeting function and bring it under presidential control, potentially positioning Ryu, as fiscal planning advisor, to take the lead.


Korea Herald
26-05-2025
- Korea Herald
Investigation into SK Telecom data breach expands to KT, LG Uplus: sources
A joint government-private investigation team looking into SK Telecom Co.'s recent large-scale data breach has extended its probe to the servers of two other major mobile carriers, KT Corp. and LG Uplus Corp., but found no signs they have been compromised, industry sources said Monday. Initially, the team had asked local telecommunications and platform companies to conduct their own cybersecurity inspections. However, the approach was revised last week amid growing concerns that hackers using BPFDoor malware variants may have also targeted other South Korean mobile carriers, according to the sources. Following the expanded investigation, no traces of hacking activity have yet been found on the servers of KT or LG Uplus, they added. In a media briefing last week, the investigation team revealed interim findings indicating that 25 malware variants had been discovered on 23 servers belonging to SK Telecom. These included 24 variants of the BPFDoor malware and one variant of WebCell. Two of the affected servers had been used as temporary storage for personal data, such as names, birthdates, phone numbers and email addresses, as well as international mobile equipment identity data. The IMEI is a unique identifier for each device on a network and could potentially be exploited in financial transactions. SK Telecom discovered the breach April 18. (Yonhap)
![[Editorial] Hole in cybersecurity](/_next/image?url=https%3A%2F%2Fall-logos-bucket.s3.amazonaws.com%2Fkoreaherald.com.png&w=48&q=75)
Korea Herald
21-05-2025
- Korea Herald
[Editorial] Hole in cybersecurity
SK Telecom breach dates back 3 years; Malware indicates China-based hacking The nation was jolted by interim probe findings that personal information and universal subscriber identity module or USIM data of practically all subscribers of SK Telecom may have been leaked by hackers. The cyberattack dated back about three years and turned out to be much more extensive than revealed in the initial briefing, according to the second briefing Monday by a joint investigation team of the Ministry of Science and ICT and the Korea Internet & Security Agency. SK Telecom discovered the breach about a month ago, on April 18. Leaked USIM data amounted to 9.82 gigabytes. which equates to roughly 26.9 million units of international mobile subscriber identity or IMSI numbers. This means that the USIM data of practically all SK Telecom subscribers has been leaked. Currently, it has 25 million subscribers, including 2 million budget phone users. A total of 23 SK Telecom servers were found to be compromised by malware, up from the five disclosed in the previous briefing held on April 29. The number of malware variants found to have infected the servers increased from four to 25. Among the affected servers, two had been used as temporary storage for personal data, such as names, birthdates, phone numbers and email addresses, as well as data on international mobile equipment identity or IMEI, a serial number assigned to every mobile phone. The possibility of financial fraud and other forms of secondary damage from copy phones has gone up. Investigators found that hackers planted malware on June 15, 2022. It is shocking that not only the telecom carrier but also the government and private cybersecurity firms had remained in the dark about the malware's infiltration for about three years. There is another problem. How much damage the cyberattack will cause down the road is anyone's guess. SK Telecom reportedly keeps log data for the last four or five months. So, no log data is available for the period from June 15, 2022, when malware was first planted, to Dec. 2, 2024. Fortunately, no evidence was found showing any data leakage between Dec. 3, last year and April 24 of this year, but investigators could not confirm whether any leaks occurred during the period for which log data is not available. It is worth noting that 24 of the 25 malware variants detected this time were found to be BPFDoor, a backdoor reportedly used by China-based hackers to attack Middle Eastern and Asian telecom companies in recent years. Experts warn that this malware could be used for a cyberattack on the communication infrastructure of a country. Given that data on all SK Telecom subscribers may have been leaked for as long as three years, the breach is not likely to emerge as a simple hacking case. It is uncertain whether the incident was an organized cyberattack to cripple the communication system of a country rather than an attempt to steal money. Considering the cyber intrusion was not detected for so long, anybody can guess a similar thing may be happening at other communication networks or major institutions. Communication infrastructure is one of the cruxes of state administration. Cyberattacks could paralyze it secretly, plunging a nation into chaos. The SK Telecom breach reconfirms how vulnerable South Korea has become to such vital attacks. SK Telecom bears the primary responsibility for protecting its system from hacks, but the government needs to check the nation's cybersecurity this time. Also, the National Assembly should do its part to help telecom carriers fend off cyber infiltrations from abroad. One of the laws that it needs to revise is its espionage law, which only punishes spying activities done for North Korea. Recently, two Chinese nationals were caught photographing fighter jets near air bases in South Korea but released after telling police that photographing was their hobby. Police say there was no evidence that they did so for North Korea. China or the US would likely respond quite differently. For a nation to keep its sovereignty, security must be tight, cyber or not.