"Strengthen Security System," CEO Urges Employees
"No Secondary Damage Confirmed Yet"
In an internal message to employees on the same day, Yoo urged all staff to make every effort to further strengthen the security system and to develop measures to protect customer information.
Earlier, SK Telecom announced that on April 19 at around 11:00 p.m., it had detected signs of information leakage, including USIM (Universal Subscriber Identity Module) data, as a result of a malicious code attack by hackers.
A USIM is a medium that stores information used to identify and authenticate individuals within a telecommunications network. If USIM information is stolen, it can be used by others to create illegal USIM chips for identity theft or to intercept SMS data, among other criminal uses.
However, SK Telecom stated that it is currently conducting a comprehensive inspection of its entire system, strengthening measures to block illegal USIM device changes and abnormal authentication attempts, and immediately suspending service and providing guidance when suspicious signs of damage are detected. The company also explained that, as of now, there have been no confirmed cases of secondary damage or distribution on the dark web.
Regarding the leaked USIM information, SK Telecom clarified that it does not include names, addresses, resident registration numbers, or email addresses, and contains only subscriber authentication and identification information.
The specific scale of damage suffered by SK Telecom has not yet been revealed. The route of the leak also remains unidentified.
However, based on the company's explanation that the equipment suspected to have been hacked is a server performing terminal authentication at the central level, there are concerns that if the hacking or dark web leakage does occur, the impact could be significant.
Lee Sungyeob, a professor at Korea University's Graduate School of Management of Technology, explained that since this incident occurred at a company representing the nation's telecommunications industry, it is necessary to quickly determine the cause of the data breach and to check whether similar vulnerabilities exist in other IT companies or within the mobile telecommunications industry.
Meanwhile, this is the first case in about two years and four months since personal information was leaked due to hacking at a mobile carrier. In January 2023, LG Uplus suffered a hacking incident in which nearly 300,000 customer records were leaked to illegal trading sites, causing a major stir.
At that time, the leaked personal information included up to 26 items, such as mobile phone numbers, names, addresses, dates of birth, email addresses, IDs, and unique USIM numbers.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
