SK Telecom (SKT), one of South Korea’s leading telco giants, faced a major cyberattack in April that resulted in the theft of personal data belonging to approximately 23 million customers, nearly half of the country’s population. The incident has prompted concerns about the security and privacy of customer information, with many users opting to switch to different telecom providers to safeguard their data.
During a National Assembly hearing in Seoul, SKT’s CEO, Young-sang Ryu, revealed that around 250,000 users have already switched providers in the aftermath of the breach. He warned that this number could skyrocket to 2.5 million if the company decides to waive cancellation fees for affected customers. Ryu estimated that SKT could potentially lose up to $5 billion over the next three years if cancellation fees are waived.
In response to the cyberattack, SKT has launched a comprehensive investigation involving both public and private entities to determine the cause of the breach. The Personal Information Protection Committee (PIPC) of South Korea disclosed that 25 different types of personal information, including mobile phone numbers and unique identifiers, were compromised in the attack. This data breach puts customers at risk of SIM swapping attacks and government surveillance.
Following the discovery of the breach, SKT has taken proactive measures to protect its customers, including offering SIM card protection and free replacements to prevent further damage. The company is also developing a system to enhance information security through a SIM protection service, allowing users to use roaming services securely outside of Korea.
Despite the severity of the breach, SKT has not received reports of secondary damage or instances of customer information being distributed on illicit platforms. The company remains vigilant in monitoring for any unauthorized access and is committed to minimizing the impact on its customers.
A timeline of the data breach reveals that SKT detected abnormal activities on April 18, leading to the identification of a breach in its home subscriber server on April 19. The company promptly reported the incident to Korea’s cybersecurity agency on April 20 and confirmed the breach on its website on April 22. Subsequent investigations have uncovered additional malware in the hacking case, prompting SKT to strengthen its cybersecurity measures.
On May 7, Tae-won Chey, chairman of SK Group, publicly apologized for the breach, acknowledging the gravity of the situation. As of May 8, SKT is evaluating how to address cancellation fees for affected users and working closely with authorities to address the data leak.
Overall, SKT is focused on bolstering its cybersecurity defenses and restoring customer trust in the wake of this unprecedented breach. By implementing stringent security measures and cooperating with relevant agencies, the company aims to safeguard customer data and prevent future cyber threats.
