The Personal Information Protection Commission has launched an investigation into the recent leak of Universal Subscriber Identity Module (USIM) information that occurred at SK Telecom.
The Commission announced that it received a leak report from SKT at 10:00 a.m. on April 22 and immediately began its investigation.
Earlier that day, SKT stated, "At around 11:00 p.m. on April 19, we detected signs suggesting that some USIM-related information of SK Telecom customers may have been leaked due to malicious code." The USIM is a module containing the identification information of mobile network subscribers; after inserting the USIM card into a mobile phone, the device connects to the mobile network and authenticates the subscriber.
SKT explained that, in accordance with relevant laws, it immediately reported the incident to the Korea Internet & Security Agency (KISA) on April 20. At 10:00 a.m. on April 22, the company also reported the suspected personal information leak to the Personal Information Protection Commission and stated that it is actively cooperating with the ongoing investigation.
The Commission plans to investigate, through requests for data submission and on-site inspections, the following: the specific circumstances of the leak, the scale of the damage, the fulfillment of safety obligations, and the compliance with notification and reporting requirements under the Personal Information Protection Act. If any legal violations by SKT are identified during this process, the Commission will take strict action in accordance with relevant laws and regulations.
A representative of the Commission urged, "Since this leak occurred in a mobile telecommunications service that handles a large volume of personal information, please be especially vigilant to prevent secondary damages such as voice phishing or smishing that could result from the use of leaked personal information."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
