Photo: SK Telecom's chief executive officer Yu Yeong-sang issues a public apology for the hacking attack. Credit: SK Telecom.
On April 22, SK Telecom SK 텔레콤 disclosed that personal information for a significant number of subscribers had been leaked in a cybersecurity attack. The leaked personal information included the extremely sensitive USIM authentication keys used for individual access to apps, websites, and payment systems.
With more than 23m subscribers, SK Telecom is South Korea’s largest cellular service provider. The carrier has offered free USIM chip replacements to its users in the wake of the hack. Several banks and financial services companies have blocked SMS-based authentication for text messages sent through SK Telecom’s network, and major corporations like Samsung 삼성 have required executives to replace the USIM chips in their phones to protect trade secrets.
SK Telecom drew criticism for violating the Information and Communications Network Act 정보통신망법, which requires service providers like SK Telecom to notify the authorities within 24 hours of detecting any data breach. SK Telecom said it first observed the signs of a data breach on April 18, but did not report the breach to the government until April 20.
