Government Responds Swiftly to Seriousness of USIM Information Leak
"Daily Communication Until Investigation Is Complete"
Following a recent incident involving the leakage of USIM (Universal Subscriber Identity Module) information at SK Telecom, the largest mobile carrier in South Korea, the country's three major mobile operators have entered a strengthened management system. Under this system, they are now required to report their security status to the Ministry of Science and ICT at least once a day.
On April 23, an official from the Ministry of Science and ICT told Asia Economy in a phone interview, "Since April 21, we have been communicating closely with the Chief Information Security Officers (CISOs) of not only SK Telecom but also KT and LG Uplus, checking for any abnormal signs at least once a day." The official added, "Until the SK Telecom investigation is concluded, we plan to maintain this response system to ensure the stability of the telecommunications network and the protection of users."
SK Telecom announced that at around 11:00 p.m. on April 19, it detected that some customer USIM information had been leaked after its network equipment was infected with malicious code by hackers. The USIM is a medium that stores information used for identifying and authenticating individuals within the telecommunications network. SK Telecom stated that it immediately deleted the malicious code and isolated the suspected equipment as soon as the incident was detected. The company reported the incident to the Korea Internet & Security Agency (KISA) on April 20, and also notified the Personal Information Protection Commission. Given the seriousness of the incident, the Ministry of Science and ICT immediately formed an emergency response team led by the Director of Information Security Network Policy, and is conducting an in-depth investigation at SK Telecom's headquarters.
The government and the industry are on high alert because this USIM information leak could lead to much more severe secondary damages compared to typical personal information breaches. If USIM information is duplicated, it can be used for crimes such as identity theft using mobile phone numbers.
This is not the first time a mobile carrier has experienced a personal information leak. In 2012, KT suffered a breach that resulted in the leakage of personal information of about 8.3 million customers due to a hacking incident in its business system network. In January 2023, approximately 300,000 cases of customer personal information from LG Uplus were transferred to illegal trading sites. SK Telecom stated, "We are conducting a comprehensive inspection of all systems, strengthening measures to block illegal USIM device changes and abnormal authentication attempts, and immediately suspending service and notifying users if suspicious signs are detected." The company added, "We will further strengthen our security system and do our utmost to protect customer information."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
