In April 2023, South Korea’s leading telecommunications company, SK Telecom (SKT), experienced a significant cyberattack that compromised the personal information of roughly 23 million customers, nearly half of the nation’s population. At a recent National Assembly meeting in Seoul, SKT CEO Young-sang Ryu revealed that around 250,000 customers have already left for rival providers. He predicted this number could surge to 2.5 million if the company decides to waive cancellation fees.
Ryu discussed the potential financial repercussions of this decision, indicating that SKT could incur losses of up to $5 billion over the next three years if early contract cancellations are allowed without fees. A spokesperson for SKT described the incident as the most severe security breach in the company’s history and stressed the commitment to minimise customer impact. They noted that a joint investigation is underway to determine the root cause and assess the extent of the breach.
The Personal Information Protection Committee of South Korea confirmed that the hackers accessed a variety of sensitive data, including mobile phone numbers, unique identifiers, and USIM authentication keys. This data breach raises concerns about possible SIM swapping attacks and threats to user privacy. In response, SKT has begun offering free SIM card replacements and enhanced security measures to protect its customers following the incident, which they detected on April 19 when unusual activities were logged in their home subscriber server.
Subsequent investigations revealed that the initial data breach might be tied to vulnerabilities in Ivanti VPN systems, suspected to be exploited by a state-sponsored group linked to China. This breach has affected various sectors across multiple countries, including Australia and Taiwan. By early May, investigators found additional malware connected to the incident, prompting a deeper inquiry into the breadth of the attack.
As part of the recovery process, SKT has enrolled many of its affected users into a SIM protection service while preparing a comprehensive fraud detection system to thwart unauthorized access via cloned SIM cards. SKT is also reviewing how to manage cancellation fees for customers impacted by the breach.
As of early May, no verified instances of misused customer data have emerged on the dark web or other platforms, according to company representatives. The public and private sectors continue to collaborate on this investigation to ensure consumers’ safety and trust in telecommunications.
Fanpage:Â TechArena.au
Watch more about AI – Artificial Intelligence
