Seoul: Ryu Young-sang, chief executive officer (CEO) of SK Telecom Co., announced that the company is preparing for the worst-case scenario following a cyberattack that may have compromised the universal subscriber identity module (USIM) data of all 25 million of its subscribers.
According to Yonhap News Agency, during a parliamentary session, Ryu responded to a query from Rep. Choi Soo-jin about the potential leak of customer data, stating, "In the worst-case scenario, we are bracing for it." The cyberattack, detected on April 18, showed signs of a large-scale leak, marking what Ryu acknowledged could be the most severe hacking incident in South Korea's telecommunications history.
SK Telecom, the primary mobile carrier in South Korea, serving half of the nation's 50 million population, faced criticism for the delay in reporting the breach. The company reported the incident to the Korea Internet and Security Agency (KISA) two days after detection, surpassing the legally mandated 24-hour notification requirement. Ryu admitted there were "procedural issues" in the reporting process.
In response to the incident, SK Telecom has pledged to take immediate action, including offering a free replacement of USIM chips for all users upon request to prevent potential misuse. Additionally, the company has encouraged subscribers to register for its USIM Protection Service, which claims to offer the same level of protection against illegal financial activities as replacing the USIM card.
The incident has prompted the Personal Information Protection Commission to investigate whether SK Telecom had adequate security protocols in place to safeguard the USIM data on its main server.