Latest news with #Subscriber
Korea Herald
30-04-2025
- Business
- Korea Herald
SK Telecom scrambles to restore trust after massive data breach
Hit by 'worst-ever' hack, telecom giant loses 70,000 users in just two days South Korea's leading mobile carrier SK Telecom is facing mounting fallout from a recent hacking incident, with more than 70,000 users switching to rival providers in just two days after the company began offering free USIM card replacements. Amid growing concerns that the data breach could spill over into the financial sector, South Korean financial authorities on Wednesday launched an emergency response team and tightened security protocols. According to industry sources, 35,902 SK Telecom users switched to other major carriers Tuesday, following 34,132 users who switched Monday. During the same period, SKT gained only 11,991 new users. 'If we include those who moved to budget mobile carriers, the actual scale of the exodus is likely even higher,' an industry official said. Roughly 60 percent of users who left SKT migrated to KT, while most of the remaining subscribers switched to LG Uplus. SK Telecom CEO Ryu Young-sang acknowledged the severity of the cyberattack Wednesday, calling it 'the worst hacking incident in the history of the telecommunications industry,' during a parliamentary hearing held by the National Assembly's Science, ICT, Broadcasting and Communications Committee. When Rep. Park Jeong-hun of the People Power Party asked whether the severity of the incident was due to a breach of a system once considered virtually impenetrable, Ryu admitted it was. He added that it will take at least three months to completely replace USIM cards for the company's roughly 25 million subscribers. 'I sincerely apologize once again for the recent cyber incident. Our initial response was lacking in many ways. We will do everything we can to restore trust and resolve the situation,' Ryu said. He noted that SKT's USIM Protection Service offers a comparable level of security and that both he and SK Group Chairman Chey Tae-won are using the service without replacing their USIM cards. Regarding the possibility of additional data leaks beyond the three Home Subscriber Servers confirmed to have been breached, Ryu said further confirmation would depend on an ongoing joint investigation by government and private sector experts. Earlier in the day, the Financial Services Commission and the Financial Supervisory Service held a joint meeting with key financial infrastructure institutions and industry associations to coordinate risk prevention measures in response to the SKT data leak. According to the authorities, no signs of fraudulent activity had been detected so far. However, FSC Secretary-General Kwon Dae-young urged financial institutions to remain vigilant, warning that a spillover into financial systems could cause serious damage. 'We will operate a dedicated emergency response center and require financial institutions to report daily on any irregularities,' Kwon said. 'Special attention must be given to vulnerable groups, such as the elderly, to ensure no one is left exposed.' He also instructed key financial infrastructure providers to strengthen their cybersecurity protocols. The cyberattack — confirmed to have resulted in the leak of about 9.7 gigabytes of data after an SK Telecom server was infected with malware on April 18 — is delivering a significant blow to the telecom giant. While SKT still leads its competitors in subscriber numbers — with KT at 13.3 million and LG Uplus at 10.9 million — the company is expected to face major financial burdens, including regulatory fines and legal costs, as users prepare to file a class action lawsuit. Four SKT subscribers have already filed a lawsuit with the Seoul Central District Court, each seeking 10 million won ($7,300) in damages over the data breach. An online community organizing a class action lawsuit has amassed around 50,000 members. Shinhan Securities estimated that the cost of USIM card replacement alone could reach up to 200 billion won, based on an average replacement cost of 4,000 won per card for the entire subscriber base of 25 million.
Korea Herald
24-04-2025
- Korea Herald
[Editorial] Data breach, trust broken
SK Telecom's hacking incident exposes cracks in South Korea's digital armor In a hyper-connected nation where smartphones function as an extension of personal identity, the recent data breach at SK Telecom — a company with over 23 million subscribers — is more than another cybersecurity mishap. It is a stark wake-up call for consumers, regulators and telecom providers alike. SK Telecom disclosed Tuesday that a hacking incident had resulted in the partial leakage of universal subscriber identity module data — critical for authenticating mobile users. The breach stemmed from a malicious code attack detected Saturday, which infiltrated parts of its Home Subscriber Server. The company insisted that no resident registration numbers or bank account details were exposed, but that is scant consolation. USIM authentication keys, while not as overtly sensitive, can be weaponized in SIM swapping scams, identity theft and unauthorized access to financial services. This is not an isolated event. LG Uplus suffered a breach in 2023, affecting 300,000 customers. KT saw even larger breaches, impacting 8.3 million users in 2012, followed by 12 million in 2014. South Korea's three telecom giants have all experienced large-scale data leaks. Public trust should be on the line. Yet the corporate playbook remains painfully predictable: a formal apology, vague promises to boost cybersecurity and then silence until the next breach. What sets the SK Telecom breach apart is not just its scope but its systemic implications. Telecom companies increasingly resemble public utilities. Smartphones today are not mere gadgets; they are digital vaults housing everything from personal chats to biometric gateways to banking apps. The data they hold is not simply metadata — it is a mirror of identity. SK Telecom acted by deleting the malicious code and offering a free USIM protection service. However, customers were only notified via text four days later. In the world of cybersecurity, where every hour can spell the difference between containment and catastrophe, that delay reflects a mindset dangerously out of sync with the digital age. Assurances that no misuse has been reported offer little reassurance. Forensic analysis is ongoing, and the full impact of the breach remains murky. In the meantime, one uncomfortable question looms: Are South Korea's corporations doing enough to protect user data? The track record suggests not. Regulators are now investigating and considering sanctions. South Korea's revised Personal Information Protection Act allows fines of up to 3 percent of related revenues. But past enforcement has lacked teeth. Kakao was fined a record 15.1 billion won ($10.5 million) last year — a sum that barely grazed its 7.87 trillion won in revenue. The three major telecoms posted combined operating profits of 3.5 trillion won in 2024; SK Telecom alone earned 1.82 trillion won. Penalties are increasing. So are the breaches. It's clear that fines alone will not suffice. What's needed is structural change — from mandatory investment in cybersecurity to regular independent audits. More fundamentally, a cultural shift is overdue: companies must stop treating data as a monetizable asset and start seeing it as the core of user trust. Speculation is already circulating about foreign actors, including North Korea, being behind recent breaches. Whether true or not, the growing sophistication of cyberattacks underscores a simple truth — the threat is global, but the defense starts at home. South Korea has long prided itself on its digital prowess, from advanced mobile services to nationwide broadband infrastructure. Yet that ambition has not been matched by cybersecurity rigor. The cycle of breaches followed by boilerplate apologies must end. It is time for Korean corporations to treat data protection not as a compliance box to tick, but as a pillar of public trust. Consumers have handed over their digital lives. The least they deserve in return is robust protection.
