SKT USIM Data Breach Raises Concerns Over Potential Misuse

It is expected that there will be significant repercussions following the leak of Universal Subscriber Identity Module (USIM) information at SK Telecom (SKT), the mobile carrier with the largest number of subscribers among the three major telecommunications companies in South Korea. Although personal information such as names, phone numbers, and addresses was not included in the leaked data, there remains a considerable risk of misuse depending on the scope of the compromised USIM information.

On April 22, SKT notified its customers, stating, "Around 11 p.m. on April 19, we detected signs that some USIM-related information of SK Telecom customers may have been leaked due to malware. We are currently continuing to determine the exact cause, scale, and specific items involved in the leak."

The USIM is a module that contains the identification information of mobile network subscribers. Subscriber authentication is performed by inserting a USIM card containing subscriber information into a mobile phone and connecting to the mobile network. Mobile subscribers can also change devices by inserting their USIM card into a new mobile device.

According to SKT, the leak is believed to have resulted from hacking via malware. Malware was discovered on equipment operating within the internal system, and it appears that some information was leaked through this. SKT explained, "Once we became aware of the possibility of a leak, we immediately deleted the malware and isolated the equipment suspected of being hacked."

According to industry sources, the leaked information is believed to include some USIM-related data, such as USIM key values. It has been reported that personal and sensitive information, such as users' names, phone numbers, resident registration numbers, and addresses, was not included in the leaked data. However, since the compromised data pertains to USIM information, the impact could be significant depending on the scope of the leak. If all USIM-related information was leaked, there is a possibility that this could lead to USIM cloning.

If a USIM is cloned, it becomes possible to impersonate a mobile network subscriber using a different device. This is known as "SIM swapping," which allows calls and text messages intended for the subscriber's number to be intercepted. Furthermore, hackers could obtain identity verification information conducted via mobile phone numbers or even steal financial information. However, as crimes involving SIM swapping have increased recently, mobile carriers have strengthened USIM authentication procedures, and some believe that the likelihood of actual identity theft crimes through USIM cloning is not high.

As of now, SKT states that there have been no confirmed cases of the leaked information being misused. SKT has implemented measures such as a comprehensive investigation of all systems, strengthened blocking of illegal USIM device changes and abnormal authentication attempts, and immediate suspension of service and notification if suspicious signs of damage are detected. For customers who wish to take additional precautions, SKT is also providing a free USIM protection service through its website and T World.

Yonhap News

Attention is now focused on how SKT will respond going forward. SKT has already notified customers of the security incident via main page notices on its website and customer center app. Even now, about three days after becoming aware of the leak, the company has yet to determine the specific circumstances or scale of the breach. It is still investigating which USIM information was leaked and how many users have been affected. The Ministry of Science and ICT has formed an emergency response team and launched an investigation into the cause, while the Personal Information Protection Commission began its own investigation immediately after receiving the leak report from SKT.

Experts advise that companies should pay greater attention to security, especially as the leak of critical data such as USIM information, which is directly linked to personal information, can have serious consequences. Kim Myungjoo, a professor in the Department of Information Security at Seoul Women’s University, pointed out, "Having USIM data stolen is akin to having the registration of your mobile phone stolen," and advised, "Companies tend to view security as a cost, but they should treat it as an investment and increase spending to ensure fundamental security."

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.