“USIM Hacking” Fine of 134.7 Billion Won Imposed on SKT… Largest Ever

[‘\n[Anchor]’,
,
, ‘The Personal Information Protection Commission has imposed a fine of over 134.7 billion won on SK Telecom for a large-scale user SIM information leak that occurred last April.’,
,
, “It’s the largest fine ever imposed by the Commission.”,
,
, “Let’s connect with our reporter for more details on the sanctions.”,
,
, ‘Reporter Im Gwang-bin.’,
,
, ‘[Reporter]’,
,
, ‘Yes, the hacking attack that led to the leakage of subscriber information from SK Telecom, the leading company in the mobile telecommunications industry, occurred last April.’,
,
, ‘After a concentrated investigation over the past three months, the Personal Information Protection Commission held a general meeting yesterday (27th) and decided to impose a fine of 134.79 billion won and a penalty of 9.6 million won on SK Telecom.’,
,
, “It’s the largest fine ever imposed by the Commission.”,
,
, ‘This surpasses the total fine of 100 billion won imposed on Google and Meta in September 2022 for collecting personal information without user consent for online customized advertising, which was 69.2 billion won and 30.8 billion won, respectively.’,
,
, ‘The Commission revealed that approximately 23.24 million phone numbers, subscriber identification numbers, USIM authentication keys, among 25 types of information, were leaked, excluding duplicate lines.’,
,
, ‘This incident had a significant impact on public life, as verification through mobile phones is commonplace, and this large-scale personal information leakage diminished the credibility of telecommunications services and spread social anxiety.’,
,
, ‘[Anchor]’,
,
, ‘Please explain the specific violations pointed out by the Commission.’,
,
, ‘[Reporter]’,
,
, “According to the Commission, the hackers first infiltrated SK Telecom’s internal network in August 2021 and installed malicious programs on multiple servers.”,
,
, ‘Subsequently, in June 2022, they installed malicious programs on the integrated customer authentication system to secure additional footholds and externally leaked user information stored in the home subscriber server database on April 18th of this year.’,
,
, ‘The Commission stated that this occurred due to SK Telecom’s insufficient basic security measures and negligence in management.’,
,
, ‘SK Telecom failed to implement basic access controls between the internet and internal network, and even after identifying a breach into the internal network by hackers in February 2022, they did not take appropriate measures, thereby worsening the situation.’,
,
, ‘Moreover, account information for multiple servers was stored without encryption or restrictions, and despite a security alert in 2016, no updates were conducted until the leak incident in April.’,
,
, ‘USIM authentication keys were also not encrypted.’,
,
, ‘Additionally, they were criticized for failing to appoint a personal information protection officer and for not notifying the leak within 72 hours as required by law, which heightened confusion.’,
,
, ‘The Commission imposed the fine on SK Telecom and, along with issuing corrective orders to prevent recurrence of similar incidents, recommended improvement of their systems.’,
,
, ‘This is Yim Gwang-bin from Yonhap News TV.’,
,
, ‘[Video Coverage by Kim Dong-hwa]’,
,
, ‘[Video Editing by Na Ji-yeon]’,
,
, ‘For Yonhap News TV inquiries and tips: KakaoTalk/Line jebo23’,
,
,