Seoul: SK Telecom Co. announced that approximately 280,000 users have obtained new universal subscriber identity module (USIM) chips through its complimentary replacement service, initiated in the wake of a recent hacking incident.
According to Yonhap News Agency, as of 9 a.m., around 4.32 million users have also scheduled USIM replacements online. The replacement service began at 10 a.m. on Monday, with about 2,600 retail stores nationwide participating in the effort. Approximately 25 million SK Telecom subscribers, including nearly 2 million budget phone users, qualify for this replacement service.
The initiative follows a cyberattack detected on April 18, during which SK Telecom identified signs of a substantial leak of customers' USIM data. In response, the company pledged swift action and launched the replacement program. Authorities suspect the data was leaked from SK Telecom's main server, despite the company's denial of this claim.
Choi Jang-hyuk, vice chairperson of the Personal Information Protection Commission, expressed skepticism over SK Telecom's denial. He suggested it would be appropriate to consider the leak as originating from the main server. The watchdog is investigating whether adequate security measures were in place for the server that stored USIM data, though details of the probe remain undisclosed.
SK Telecom is likely to face a hefty fine, potentially exceeding the 6.8 billion won (US$4.7 million) penalty imposed on LG Uplus Corp. in 2023 for a data leak. With recent legal revisions, companies can be fined up to 3 percent of their total sales, excluding revenues unrelated to the violation.
The telecom giant has also urged subscribers to enroll in its USIM Protection Service, which offers a level of defense against illegal financial activity equivalent to replacing the USIM card. So far, approximately 8.72 million users have registered for this protection service.
Combined with replacements and reservations, 13.31 million users have taken protective measures, SK Telecom reported. The company emphasized that no financial incidents, such as unauthorized transfers, have been reported using the stolen data.
Despite these assurances, cybersecurity experts warn that hackers could still misuse the stolen USIM information for phishing attacks via text messages, KakaoTalk, or email. The Korea Internet and Security Agency has advised the public to avoid clicking on smishing messages, or SMS phishing messages, and to report such activities to the agency.