Seoul: SK Telecom Co. announced Tuesday that approximately 280,000 users have received new universal subscriber identity module (USIM) chips through a complimentary replacement program initiated following a recent hack.
According to Yonhap News Agency, as of 9 a.m., around 4.32 million users had also scheduled USIM replacements online, the company reported. The replacement service commenced at 10 a.m. on Monday, with about 2,600 retail stores nationwide participating in the initiative. Approximately 25 million SK Telecom subscribers, including nearly 2 million budget phone users, are eligible for the replacement service.
The decision to offer replacements came after a cyberattack detected on April 18, when SK Telecom identified signs of a significant leak of customers' USIM data. In response, the company pledged swift action and launched the replacement program. Although authorities suspect the leak originated from SK Telecom's main server, the company has denied this claim.
Choi Jang-hyuk, vice chairperson of the Personal Information Protection Commission, expressed skepticism about SK Telecom's denial. "I don't know why SK Telecom denied that," Choi stated during a briefing. "I think it would be right to view the leak as coming from the main server." The commission is currently investigating whether adequate security measures were implemented for the main server that stored USIM data. Choi refrained from providing further details, indicating the probe is still in its early stages.
Choi also mentioned that SK Telecom might face a significant fine compared to the 6.8 billion won (US$4.7 million) penalty imposed on LG Uplus Corp. in 2023 for a data leak involving 300,000 users. Following recent legal revisions, companies can be fined up to 3 percent of their total sales, excluding sales unrelated to the violation.
In addition to the replacement program, SK Telecom has urged its subscribers to enroll in its USIM Protection Service, which the company claims offers protection against illegal financial activities equivalent to replacing the USIM card itself. As of Tuesday evening, over 10 million people, including 400,000 users on mobile virtual network operator services utilizing SK Telecom's network, had registered for the service.
SK Telecom stressed that no financial incidents, such as unauthorized transfers, have been reported using the stolen data to date. However, cybersecurity experts warn that hackers may still use the stolen USIM information for phishing attacks via text messages, KakaoTalk, or email. The Korea Internet and Security Agency has advised the public to avoid clicking on smishing messages, or SMS phishing messages, and to report such activities to the agency.