On the night of April 19, SK Telecom was attacked by malicious code, leading to a suspected data breach involving subscriber information. The company is currently investigating the exact cause, scale, and specific data items affected by the breach, and has reported the incident to the Korea Internet & Security Agency (KISA) and the Personal Information Protection Commission. The potentially compromised data includes unique identification numbers related to USIM, which is used for storing subscriber identification details.
SK Telecom has taken measures to delete the malicious code and isolate the suspected hack-affected equipment, which is used for authenticating user devices for 4G and 5G voice calls. They are conducting a thorough system investigation to enhance the security against illegal USIM device changes or abnormal authentication attempts, and they are offering a free USIM protection service on their website.
The Ministry of Science and ICT, along with KISA, is providing technical support and could form a joint public-private investigation team for in-depth analysis and measures to prevent future occurrences. There is speculation regarding North Korea’s potential involvement in the hacking incident, as reported by Google’s Threat Analysis Group in relation to previous similar cybersecurity threats.
This breach is the first reported hacking-related personal data incident involving a telecom company since the LG U+ breach in January 2023, which led to the leak of approximately 300,000 pieces of customer information and resulted in financial penalties for the company. Previous similar incidents include the 2012 KT breach, which affected around 8.3 million users.