SKT's negligence led to massive hacking, ministry confirms
Authorities ordered the company to allow customers to cancel contracts without paying early termination penalties, a move that could potentially cost the telecom giant billions of won.
The Ministry of Science and ICT announced the results of a joint public-private investigation, confirming that hackers first planted malware inside SKT's internal servers on Aug. 6, 2021 — about 10 months earlier than initially estimated.
'SKT failed to fulfill its security obligations to protect subscriber data to deliver secure telecommunication services,' Vice Minister Ryu Je-myung of the Science Ministry said.
A forensic inspection of more than 42,600 servers uncovered 33 types of malware, including 27 BPFdoor variants.
Hackers infiltrated a server connected to SKT's network management system, planting malicious code to gain access to the Home Subscriber Servers and exfiltrate 9.82 GB of USIM subscriber data — covering nearly all of SKT's customers — and amounting to 26.96 million subscriber identifier records.
Investigators also discovered that device identifiers, personal data and call detail records had been stored in plaintext rather than encrypted. While no evidence of leaks was found during periods covered by existing firewall logs, the ministry warned that it could not confirm whether data was exposed during gaps in log records.
Authorities also noted a supply chain vulnerability after discovering malicious code embedded in third-party software used by an SKT vendor. The code was installed on 88 SKT servers, but there was no evidence that it had been executed or led to data leaks.
'SKT detected abnormal server reboots in February 2022 and even discovered malware on one server during an internal check, but did not report the incident to authorities at the time. It violated the notification obligations,' Ryu said.
Ryu also identified weaknesses in SKT's overall cybersecurity posture, including insufficient investment and staff, and a corporate CISO whose responsibilities were limited to IT systems rather than covering the carrier's core networks.
The ministry ordered SKT to adopt multifactor authentication for server access, store firewall and system logs for at least six months, and elevate the CISO role to report directly to the CEO.
They also called for the deployment of advanced endpoint detection and response solutions, regular quarterly security inspections of all assets and full encryption of the USIM authentication keys, which other mobile carriers KT and LG Uplus have already implemented.
The ministry also obligated the company to allow subscribers with time left on their contracts to cancel without penalties. SKT has estimated that if up to 5 million customers decide to leave, combined losses from waived penalties and lost revenue could exceed 7 trillion won.
"This SKT breach is a wake-up call for the entire telecommunications industry and our national network infrastructure. As Korea's top mobile carrier, SKT must prioritize cybersecurity," Science Minister Yoo Sang-im said.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Korea Herald
15 hours ago
- Korea Herald
SKT unveils W1tr post-hack plan after government probe
Plan includes waived fees, extra data and Korea's largest telco cyber spend SK Telecom on Friday pledged a sweeping 1 trillion won ($720 million) compensation and cybersecurity initiative, including penalty-free contract cancellations, after a government probe concluded the carrier was negligent in a hacking attack that exposed nearly 10 gigabytes of sensitive subscriber data. 'I offer my deepest and sincerest apologies. I stand here today with profound remorse and reflection,' SKT CEO Ryu Young-sang said, bowing during an emergency press briefing after the government's disclosure of its findings. 'We take the results of the government's joint public-private investigation very seriously and will swiftly implement all corrective actions and additional measures to prevent any recurrence.' Earlier, the Ministry of Science and ICT said SK Telecom failed to adequately protect its systems against an intrusion in April and ordered the company to permit contract cancellations without penalties and reinforce security measures. In response, SKT announced a compensation initiative, which includes 500 billion won worth of benefits for its about 24 million SKT subscribers, and a 700 billion won investment in cyber security over the next five years — the largest such commitment in Korea's telecom sector. The company also accepted the government's order to remove early termination penalties, a move expected to result in significant financial losses. Customers who canceled their contracts after the hacking, or who do so by July 14, will not be required to pay termination fees. In addition, the telecom giant will also automatically apply a 50 percent discount on telecom bills and provide 50GB of additional data per month to all subscribers, including those using budget services on SKT's network, from August to through the end of the year. Noting how it has been offering free USIM replacements and protection services, the company said it will also provide one year of free access to Zimperium's advanced mobile security solution, used by over 2,500 organizations globally. In its five-year security innovation plan, the company said it aims to double its security workforce, contribute 10 billion won to a security ecosystem fund and strengthen partnerships with universities and startups. The company will also elevate the chief information security officer to report directly to the CEO and recruit cybersecurity experts to its board. Before announcing the compensation plan, SKT lowered its full-year revenue forecast to 17 trillion won from 17.8 trillion won and revised its operating profit outlook from an expected gain to a potential loss on a year-on-year basis. 'This forecast reflects the impact of implementing the customer appreciation program worth 500 billion won and broader market conditions,' SKT said.
Korea Herald
16 hours ago
- Korea Herald
SKT's negligence led to massive hacking, ministry confirms
The South Korean government concluded Friday that SK Telecom failed to take proper action to prevent its massive hacking attack, leaking about 10 gigabytes of sensitive subscriber data as early as August 2021. Authorities ordered the company to allow customers to cancel contracts without paying early termination penalties, a move that could potentially cost the telecom giant billions of won. The Ministry of Science and ICT announced the results of a joint public-private investigation, confirming that hackers first planted malware inside SKT's internal servers on Aug. 6, 2021 — about 10 months earlier than initially estimated. 'SKT failed to fulfill its security obligations to protect subscriber data to deliver secure telecommunication services,' Vice Minister Ryu Je-myung of the Science Ministry said. A forensic inspection of more than 42,600 servers uncovered 33 types of malware, including 27 BPFdoor variants. Hackers infiltrated a server connected to SKT's network management system, planting malicious code to gain access to the Home Subscriber Servers and exfiltrate 9.82 GB of USIM subscriber data — covering nearly all of SKT's customers — and amounting to 26.96 million subscriber identifier records. Investigators also discovered that device identifiers, personal data and call detail records had been stored in plaintext rather than encrypted. While no evidence of leaks was found during periods covered by existing firewall logs, the ministry warned that it could not confirm whether data was exposed during gaps in log records. Authorities also noted a supply chain vulnerability after discovering malicious code embedded in third-party software used by an SKT vendor. The code was installed on 88 SKT servers, but there was no evidence that it had been executed or led to data leaks. 'SKT detected abnormal server reboots in February 2022 and even discovered malware on one server during an internal check, but did not report the incident to authorities at the time. It violated the notification obligations,' Ryu said. Ryu also identified weaknesses in SKT's overall cybersecurity posture, including insufficient investment and staff, and a corporate CISO whose responsibilities were limited to IT systems rather than covering the carrier's core networks. The ministry ordered SKT to adopt multifactor authentication for server access, store firewall and system logs for at least six months, and elevate the CISO role to report directly to the CEO. They also called for the deployment of advanced endpoint detection and response solutions, regular quarterly security inspections of all assets and full encryption of the USIM authentication keys, which other mobile carriers KT and LG Uplus have already implemented. The ministry also obligated the company to allow subscribers with time left on their contracts to cancel without penalties. SKT has estimated that if up to 5 million customers decide to leave, combined losses from waived penalties and lost revenue could exceed 7 trillion won. "This SKT breach is a wake-up call for the entire telecommunications industry and our national network infrastructure. As Korea's top mobile carrier, SKT must prioritize cybersecurity," Science Minister Yoo Sang-im said.
Korea Herald
17 hours ago
- Korea Herald
Seoul mayor promotes public housing scheme to global counterparts
Seoul Mayor Oh Se-hoon on Thursday promoted the South Korean capital's flagship long-term rental and public housing schemes focused on catering to newlyweds, to more than 60 city leaders at the World Cities Summit Mayors Forum, the Seoul Metropolitan Government said Friday. Oh argued that innovative public housing can temper runaway housing costs and help sustain a rebound in the country's declining birth rate, at the biennial forum, hosted by Singapore's urban redevelopment authority, held at Vienna City Hall from July 2-4. Vienna earned hosting rights as the 2020 Lee Kuan Yew World Cities Prize laureate. Opening the session on housing supply, Oh spotlighted 'SHIFT,' Seoul's long-term public lease system that lets residents lease apartments for up to 20 years at roughly 80 percent of market rates. The model, which won a UN-Habitat Special Scroll of Honor in 2010, has 'resulted in more children per household than conventional public rentals,' the mayor told delegates. He then shed light on 'Mirinae Home,' an upgraded scheme for newlyweds that links lease terms and purchase discounts directly to family size. Couples who have one child can maintain lease contract for two decades, while those with two children may buy the unit at a 10 percent discount and families with three children at 20 percent below market value. Seoul plans to boost Mirinae supply to at least 4,000 units a year beginning in 2026. "High-density Seoul with small land cannot meet demand by simply building new stock,' Oh said at the forum. "The city also acquires aging private homes for remodeling and leases private units on bulk contracts." Roughly 70 percent of its 433,000 public rentals have been secured through these channels, Oh said, pushing Seoul's public-rental share from 5.3 percent in 2010 to 11.2 percent last year.
