SK Telecom to offer free USIM replacement to all customers after network hacking incident
SK Telecom Chief Executive Officer Ryu Young-sang made the announcement during a briefing in Seoul on the hacking incident that occurred last Friday.
"We sincerely apologize for the inconvenience and concern this incident has caused to our customers and the public. As a precautionary measure, we will offer free USIM replacements, including eSIMs, to any customer who requests one," Ryu said.
The replacement service will begin at 10 a.m. Monday. Customers who were subscribed as of last Friday, when the company identified signs of a security breach, can receive replacements at the company's T World stores nationwide and airport roaming centers.
SK Telecom previously confirmed that a malicious code installed by hackers had led to a suspected leak of USIM-related data. The USIM, which stores personal authentication information used to access mobile networks, can be exploited to allow criminals to clone users' identities or intercept text messages.
The company said it is taking the matter seriously and will continue to enhance its data protection measures as investigations proceed. (Yonhap)
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Korea Herald
12 hours ago
- Korea Herald
SKT unveils W1tr post-hack plan after government probe
Plan includes waived fees, extra data and Korea's largest telco cyber spend SK Telecom on Friday pledged a sweeping 1 trillion won ($720 million) compensation and cybersecurity initiative, including penalty-free contract cancellations, after a government probe concluded the carrier was negligent in a hacking attack that exposed nearly 10 gigabytes of sensitive subscriber data. 'I offer my deepest and sincerest apologies. I stand here today with profound remorse and reflection,' SKT CEO Ryu Young-sang said, bowing during an emergency press briefing after the government's disclosure of its findings. 'We take the results of the government's joint public-private investigation very seriously and will swiftly implement all corrective actions and additional measures to prevent any recurrence.' Earlier, the Ministry of Science and ICT said SK Telecom failed to adequately protect its systems against an intrusion in April and ordered the company to permit contract cancellations without penalties and reinforce security measures. In response, SKT announced a compensation initiative, which includes 500 billion won worth of benefits for its about 24 million SKT subscribers, and a 700 billion won investment in cyber security over the next five years — the largest such commitment in Korea's telecom sector. The company also accepted the government's order to remove early termination penalties, a move expected to result in significant financial losses. Customers who canceled their contracts after the hacking, or who do so by July 14, will not be required to pay termination fees. In addition, the telecom giant will also automatically apply a 50 percent discount on telecom bills and provide 50GB of additional data per month to all subscribers, including those using budget services on SKT's network, from August to through the end of the year. Noting how it has been offering free USIM replacements and protection services, the company said it will also provide one year of free access to Zimperium's advanced mobile security solution, used by over 2,500 organizations globally. In its five-year security innovation plan, the company said it aims to double its security workforce, contribute 10 billion won to a security ecosystem fund and strengthen partnerships with universities and startups. The company will also elevate the chief information security officer to report directly to the CEO and recruit cybersecurity experts to its board. Before announcing the compensation plan, SKT lowered its full-year revenue forecast to 17 trillion won from 17.8 trillion won and revised its operating profit outlook from an expected gain to a potential loss on a year-on-year basis. 'This forecast reflects the impact of implementing the customer appreciation program worth 500 billion won and broader market conditions,' SKT said.
Korea Herald
13 hours ago
- Korea Herald
SKT's negligence led to massive hacking, ministry confirms
The South Korean government concluded Friday that SK Telecom failed to take proper action to prevent its massive hacking attack, leaking about 10 gigabytes of sensitive subscriber data as early as August 2021. Authorities ordered the company to allow customers to cancel contracts without paying early termination penalties, a move that could potentially cost the telecom giant billions of won. The Ministry of Science and ICT announced the results of a joint public-private investigation, confirming that hackers first planted malware inside SKT's internal servers on Aug. 6, 2021 — about 10 months earlier than initially estimated. 'SKT failed to fulfill its security obligations to protect subscriber data to deliver secure telecommunication services,' Vice Minister Ryu Je-myung of the Science Ministry said. A forensic inspection of more than 42,600 servers uncovered 33 types of malware, including 27 BPFdoor variants. Hackers infiltrated a server connected to SKT's network management system, planting malicious code to gain access to the Home Subscriber Servers and exfiltrate 9.82 GB of USIM subscriber data — covering nearly all of SKT's customers — and amounting to 26.96 million subscriber identifier records. Investigators also discovered that device identifiers, personal data and call detail records had been stored in plaintext rather than encrypted. While no evidence of leaks was found during periods covered by existing firewall logs, the ministry warned that it could not confirm whether data was exposed during gaps in log records. Authorities also noted a supply chain vulnerability after discovering malicious code embedded in third-party software used by an SKT vendor. The code was installed on 88 SKT servers, but there was no evidence that it had been executed or led to data leaks. 'SKT detected abnormal server reboots in February 2022 and even discovered malware on one server during an internal check, but did not report the incident to authorities at the time. It violated the notification obligations,' Ryu said. Ryu also identified weaknesses in SKT's overall cybersecurity posture, including insufficient investment and staff, and a corporate CISO whose responsibilities were limited to IT systems rather than covering the carrier's core networks. The ministry ordered SKT to adopt multifactor authentication for server access, store firewall and system logs for at least six months, and elevate the CISO role to report directly to the CEO. They also called for the deployment of advanced endpoint detection and response solutions, regular quarterly security inspections of all assets and full encryption of the USIM authentication keys, which other mobile carriers KT and LG Uplus have already implemented. The ministry also obligated the company to allow subscribers with time left on their contracts to cancel without penalties. SKT has estimated that if up to 5 million customers decide to leave, combined losses from waived penalties and lost revenue could exceed 7 trillion won. "This SKT breach is a wake-up call for the entire telecommunications industry and our national network infrastructure. As Korea's top mobile carrier, SKT must prioritize cybersecurity," Science Minister Yoo Sang-im said.
Korea Herald
5 days ago
- Korea Herald
SK Telecom's brand value nosedives after mass data breach: report
SK Telecom relinquishes the telecommunications crown to rival KT The brand value of SK Telecom, the largest mobile carrier in Korea, is believed to have dipped sharply in the second quarter of this year in the wake of a massive hacking attack that was made public in April. The local brand value assessment firm Brandstock on Monday revealed the top 100 brands in the country, in which SK Telecom relinquished its top spot in the telecommunications sector to rival KT Corp. KT's score on the index jumped from 852.6 to 872.9 compared to the previous quarter, moving it up to the 27th overall spot from 41st in the first quarter. SK Telecom's score plummeted from 890.1 in the first quarter to 850.1, placing it second among mobile carriers and 40th overall. It ranked a few spots above LG UPlus, which came third among the telecom companies. SK Telecom said last month that it had lost about 400,000 users since the mass data breach that led to the theft of 9.82 gigabytes of sensitive SIM-related data affecting as many as 26.95 million users, according to a join government-civic investigation announced last month. The a still-unidentified group of hackers is thought to have commenced the cyberattack in June 2022. The unprecedented scale of the data breach has led to user complaints and a subsequent loss of subscribers. But last week's report indicated that SK Telecom has started to regain some of its customers since June 24. In terms of overall rankings of local brands, Samsung Electronics' flagship smartphone brand Galaxy and the mobile messenger application KakaoTalk each maintained their No. 1 and No. 2 spots, with KB Kookmin Bank taking the No. 3 spot, rising a notch. YouTube, the previous No. 3 on the list, fell to No. 4. Apple's iPhone, the biggest rival of the Galaxy lineup, moved up four spots to No. 5, narrowing the gap with its Korean rival.
