As concerns spread in South Korea over a cyberattack targeting SK Telecom on April 18 that led to the possible leak of customers' SIM card information, experts have warned of the need to strengthen regulations related to cybersecurity and personal information protection.
SK Telecom Vice President Ryu Jeong-hwan admitted during a hearing before the National Assembly's Science , Information, Broadcasting and Communications Committee that the SIM card data was not encrypted at the time the malware entered the system.
Mr. Ryu added that the encryption of SIM card information is not currently regulated by law. Under current law, the international mobile subscriber identity (IMSI) number and subscriber authentication key, information stored in the USIM chip, are not required to be encrypted.
Currently, under the "Personal Information Security Assurance Standards," South Korea only requires encryption and storage for seven specific types of personal information, including: Resident Registration Number (similar to ID card number), passport number, driver's license number, alien registration number (residence card), credit card number, bank account number, and biometric information.
However, with the rapid development of information technology, the scope of information that mobile network operators and platform companies collect in the process of providing services is increasingly expanding. This inadvertently creates attractive targets for cyber attackers.
The Ministry of Science and Technology of South Korea said that the National Intelligence Service and the Korea Internet and Security Agency (KISA) have jointly conducted a comprehensive investigation to determine the severity of the SIM card information leak at SK Telecom.
Data from the Ministry of Science and ICT showed that SK Telecom's home subscriber server (HSS) system and subscriber authentication key storage system, which were attacked on April 18, are not designated as national important information and communications infrastructure and therefore do not require special protection.
Following what is considered the most serious SIM card information leak ever, SK Telecom, South Korea's largest mobile carrier, has offered a free SIM card exchange service to all subscribers nationwide.
SK Telecom currently serves about 23 million subscribers and manages an additional 1.87 million users through mobile virtual network operators (MVNOs) operating on its network.
According to an announcement from SK Telecom, the leaked information mainly involved data on users' SIM (USIM) cards, including phone numbers and device identifiers (IMEI).
The company confirmed that more sensitive information such as ID numbers, dates of birth, and payment account numbers were not among the leaked data.
However, the Ministry of Science and Information Technology is still continuing to check to verify whether any other personal data was stolen.
Professor Yeom Heung-yeol of the Department of Information Security at Soonchunhyang University said that encryption can be difficult due to the carrier's real-time data processing requirements.
However, with the dramatic increase in computing performance today, it is probably necessary to apply encryption at some appropriate level.
In particular, it is necessary to include the server systems of mobile network operators in the government 's security analysis through amending the Information and Communications Network Protection Act or decrees guiding the implementation of this law.
The SK Telecom cyber attack is considered one of the most serious information leaks ever recorded in South Korea, when hackers infiltrated and leaked information of a portion of its 23 million mobile subscribers.
The incident forced the Ministry of Science and ICT of South Korea to quickly establish an emergency response team, coordinating with the Korea Internet Security Agency (KISA) to conduct an investigation at SK Telecom's headquarters on April 22.
This cyber attack is causing much concern in public opinion.
The Financial Supervisory Service of Korea has advised banks and related financial institutions to consider using additional authentication methods in addition to the conventional mobile verification method.
Some insurance companies have also temporarily suspended mobile device-based authentication services linked to SK Telecom users./.
Source: https://www.vietnamplus.vn/han-quoc-lo-bao-mat-thong-tin-gia-tang-sau-vu-tan-cong-mang-vao-sk-telecom-post1036454.vnp
![[Photo] National Assembly Chairman Tran Thanh Man receives Chairman of Morocco-Vietnam Friendship Association](https://vphoto.vietnam.vn/thumb/402x226/vietnam/resource/IMAGE/2025/7/26/b5fb486562044db9a5e95efb6dc6a263)
Comment (0)