South Korea’s largest mobile operator, SK Telecom, has come under heavy scrutiny after a serious data breach affected millions of users. Following a detailed investigation, the South Korean government has decided to impose penalties on the company for negligence in handling customer information and failing to act quickly after the breach.
The investigation revealed that malware had infected 28 of SK Telecom’s servers out of over 42,000 in total. These infected servers were found to contain as many as 33 different types of malicious software. As a result, sensitive information from about 27 million user records was compromised. The leaked data included USIM card details, phone numbers, IMSI numbers, ICCID codes, and even mobile authentication keys.
Authorities said that SK Telecom was slow in reporting the breach. Under South Korean law, companies are required to notify the government within 24 hours of discovering a data breach. However, SK Telecom delayed this notification, which contributed to the government’s decision to fine the company and impose stricter measures.
As a penalty, the South Korean Ministry of Science and ICT has fined SK Telecom up to ₩30 million (about US $22,000). But more importantly, the company has been officially labelled as “negligent” in its handling of the situation. The government believes SK Telecom failed to properly protect its users’ data and respond effectively once the threat was identified.
In addition to the fine, the government has ordered the company to take several corrective steps. SK Telecom will now be required to conduct quarterly security audits. The company’s CEO must also take direct responsibility for data protection by overseeing its entire security process. Furthermore, SK Telecom is being told to expand both its cybersecurity team and budget to prevent such incidents from happening again.
To help affected customers, SK Telecom has also been instructed to provide free USIM card replacements. So far, nearly 9.4 million cards have been replaced at retail stores. The company is also required to waive penalties for customers who want to cancel their contracts early due to the breach.
In response, SK Telecom has launched a major plan to rebuild trust and strengthen its cybersecurity. The company announced that it will invest ₩700 billion (roughly US $513 million) over the next five years to improve its data protection systems. This investment includes both technical upgrades and staff training.
SK Telecom has also offered a 50% discount on customer bills for the month of August as a way to apologize for the breach and compensate users. This discount will be applied to around 24 million customers across the country.
Top executives at the company, including CEO Ryu Young-sang and SK Group Chairman Chey Tae-won, have publicly apologized for the incident. They took full responsibility and promised that such an event would never happen again. The CEO acknowledged the company’s failures and pledged stronger leadership in data governance going forward.
As a result of the breach, SK Telecom has had to revise its earnings forecast. The company expects to lose around ₩800 billion (approximately US $583 million) this year due to the costs associated with the breach, including system upgrades, customer compensation, and reputational damage.
South Korea’s Minister of Science and ICT, Yoo Sang-im, said the incident is a wake-up call for all telecom companies in the country. He emphasized the need for stronger cybersecurity policies and better protection of personal information, especially as technology continues to evolve.
This breach has drawn attention not only in South Korea but globally, as telecom and tech companies around the world are under increasing pressure to safeguard user data. The SK Telecom case is likely to set a strong example for how governments will respond to corporate data negligence in the future.
Stay alert, and keep your security measures updated!
Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news
