SK Telecom, South Korea’s largest mobile carrier with over 23 million subscribers, has become the latest target of a cybersecurity breach that compromised certain user data related to USIM cards. The incident, which has sparked widespread concern and government intervention, underscores the growing risks associated with telecommunication infrastructure and personal data security.
A USIM (Universal Subscriber Identity Module) is a smart card used in mobile devices to securely store user credentials, including phone numbers and encryption keys that authenticate the user to a mobile network. If the credentials on a USIM are compromised, attackers can potentially clone the card, impersonate the user, intercept calls or messages, and gain unauthorized access to mobile services, posing serious threats to privacy and security.
Timeline and scope of the breach
According to SK Telecom, the breach was detected at approximately 11:40 PM on April 19, when malicious code infiltrated the company’s systems and led to the exposure of certain USIM-related information. While the full extent of the leaked data is still under investigation, it has been confirmed that unique identifiers tied to individual USIM cards were affected. More sensitive data—such as names, resident registration numbers, and mobile phone numbers—is still being examined for potential exposure.
The compromised system is reportedly a server that authenticates devices for 4G and 5G users during voice calls, which places the breach in a core part of the telecom provider’s infrastructure.
Company response and user notification issues
Upon discovering the breach, SK Telecom claims it promptly removed the malicious code and isolated the suspected systems. The company filed a report with the Korea Internet & Security Agency (KISA) the following day and notified the Personal Information Protection Commission of the potential data leakage.
However, SK Telecom faced backlash for its initial lack of proactive communication with its users. Rather than sending direct SMS notifications, the company initially disclosed the incident only through its website and app (T World). Users criticized the telecom provider for not using more direct channels to alert them to the potential risk.
In response to the criticism, SK Telecom has since committed to sending out SMS messages to all subscribers, informing them about the breach and encouraging them to enroll in its USIM protection service. This service, which is now offered for free via the company’s website and app, is intended to help safeguard users against further USIM-related threats such as illegal device cloning or unauthorized authentication attempts.
Government action and ongoing investigations
In light of the incident’s seriousness, the Ministry of Science and ICT (MSIT) formed an emergency response team headed by its Director of Network and Information Protection Policy. According to the ministry, it dispatched investigators to SK Telecom’s headquarters to conduct an on-site inspection and demanded the preservation and submission of all relevant materials.
If evidence emerges indicating negligence in SK Telecom’s security management, the ministry may issue corrective orders. The government has also stated that it will consider assembling a joint public-private task force to analyze the breach in greater depth and develop measures to prevent future occurrences. Similar task forces were established six times between 2014 and 2023 for other cybersecurity incidents.
The MSIT has also initiated daily consultations with chief information security officers from other major telecom providers, including KT and LG Uplus, to monitor for unusual activity and preempt any cascading threats.
Concerns around USIM vulnerabilities
The breach has reignited debate around the vulnerabilities of USIM technology, especially considering that these chips serve as the backbone of user identity verification in mobile networks. If exploited, the data contained within a USIM can be used for device cloning, fraudulent authentication, or unauthorized access to telecommunication services.
While SK Telecom insists that there have been no confirmed cases of misuse involving the leaked information, experts caution that even limited exposure of USIM data can pose serious threats. Users of budget mobile services (MVNOs) that rely on SK Telecom’s network have also expressed concern, given the possibility that their USIM data could be stored on the same compromised infrastructure.
In response to concerns about the new USIM protection service requiring roaming deactivation, SK Telecom stated it plans to enhance the system so that roaming can remain enabled while protection is active, with updates expected within the first half of the year.
As the investigation progresses, SK Telecom has pledged to strengthen its cybersecurity protocols and increase transparency with its users. In a public apology, the company vowed to prevent such incidents from recurring and to prioritize the protection of customer data.
For now, the focus remains on identifying the precise origin of the attack, evaluating the total scope of the breach, and ensuring that affected users are properly informed and protected.
Editor’s note: This article was initially written by ChatGPT-4o based on the author’s specific instructions, which included news judgment, fact-checking, and thorough editing before publication.