SEOUL, August 28 (AJP) - South Korea’s privacy watchdog has imposed a record fine on SK Telecom after a massive data breach that exposed the personal information of more than 23 million mobile subscribers.
The Personal Information Protection Commission said on Thursday that it decided to levy a fine of 134.8 billion won, or about $97 million, on the country’s largest wireless carrier.
The breach compromised sensitive information from all 23.2 million users of SK Telecom’s LTE and 5G networks, including customers of its budget mobile affiliates. Data leaked included phone numbers, International Mobile Subscriber Identity codes and authentication keys used in SIM cards, according to the commission.
Investigators said the intrusion began in August 2021, when a hacker infiltrated SK Telecom’s internal network and planted malware on multiple servers.
Nearly a year later, in June 2022, the attacker installed additional malicious software in the company’s Integrated Customer Authentication System, securing deeper access. On April 18 of this year, the hacker extracted 9.8 gigabytes of user data from the company’s subscriber database and leaked it online.
The commission concluded that the breach stemmed from SK Telecom’s failure to enforce basic security practices and negligence in data management.
It also faulted the company for delaying notification to affected users. Under South Korean law, companies must alert customers to leaks within 72 hours of discovery, a requirement SK Telecom did not meet.
Copyright ⓒ Aju Press All rights reserved.
View more comments