"USIM Protection Service Is Not Enough...
USIM Replacement Is Necessary"
Ha Heebong, an attorney representing the joint lawsuit for damages related to the SK Telecom hacking incident, expressed concern about the potential leak of International Mobile Equipment Identity (IMEI) numbers, stating, "When combined with already leaked personal information such as names, phone numbers, and dates of birth, it could lead to highly sophisticated financial crimes or invasions of privacy targeting specific individuals."
On May 20, during an appearance on MBC Radio's "Kim Jongbae's Focus," Ha explained, "The IMEI is a unique number assigned to each smartphone, similar to a vehicle identification number for cars. If the IMEI has been leaked, the USIM protection service alone is insufficient. Replacing the USIM is the most direct response."
On the 14th, a notice regarding the USIM protection service was posted at an SKT store in downtown Seoul. Photo by Yonhap News
The joint public-private investigation team probing the SK Telecom hacking case announced the results of its second investigation at a briefing the previous day. In the first investigation announced on April 29, it was confirmed that 25 types of information, including four types of USIM-related data such as IMEI and authentication keys, had been leaked from three Home Subscriber Servers (HSS) out of five servers infected with malware. In the second investigation, 18 more infected servers were discovered. Notably, two of the infected servers were used to temporarily store personal information, including device IMEI numbers and personal data for customer authentication purposes.
Regarding this, Ha said, "This is extremely shocking and concerning. Initially, it was reported that five servers were infected with malware, but now 18 more have been found, bringing the total to 23. The number of types of leaked data has also increased dramatically from four to 25." He added, "The fact that the possibility of leakage of approximately 290,000 cases of IMEI and personal information, which was previously ruled out in the first investigation, has now been confirmed further highlights the seriousness of the situation."
He continued, "The Ministry of Science and ICT is saying that it is difficult to clone devices with only IMEI information, but this view is overly complacent. The important issue is not the theoretical possibility of cloning, but how the leaked information could be misused and what risks this poses to the public." He emphasized, "We must not overlook the various potential secondary damages that could occur when personal information is combined. Accurate disclosure of information and the establishment of practical safety measures must be prioritized."
On May 16, Ha filed a lawsuit on behalf of 9,175 SK Telecom users, seeking 500,000 won in compensation per person. The total claim amount for the joint lawsuit is approximately 4.6 billion won, and this is the first round of litigation. Ha stated, "More than 11,000 people have expressed their intention to participate in the lawsuit. The first group of plaintiffs has already filed, and applications for the second group will be accepted until May 28, with the complaint to be filed on May 30."
He said, "We are claiming damages for the clear violation of laws by SK Telecom and the resulting mental distress suffered by the plaintiffs. According to the Personal Information Protection Act, unless the data handler proves there was no intent or negligence, they cannot be exempt from liability. Considering the intent of the law, I believe there is a strong chance that the victims will win the case."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
