SK Telecom continues to deal with the substantial consequences of a data breach affecting its 23 million customers.
In early April, the telecom reportedly discovered signs of a massive leak of customers’ universal subscriber identity module (USIM) data due to a cyberattack. They offered free replacement of the USIMs to all their 23 million users, vowing to take full responsibility.
The government is making sure of that, it seems. In May, the data protection regulator ordered the carrier to send individual notifications to everyone affected and to provide protection for vulnerable groups.
The carrier will also be fined because it did not report the incident within 24 hours, in violation of the Information and Communications Network Act. The fine for that could be up to 30 million won under Article 76. (USD $22,000.00).
Now, to add to its financial woes, the carrier has been ordered to waive any cancellation fees for disgruntled consumers who opted to switch carriers as a result of the breach because SK Telecom was negligent in protecting the SIM card information. More than 660,000 customers canceled last month and switched to a competitor.
But there is more ahead. The government is also reportedly launching a criminal investigation into SK Telecom’s incident response because it did not comply with a data preservation order during the regulator’s investigation.
Capacity reports:
The Ministry of Science and ICT had told SK Telecom to save data for analysis, but the company handed over two servers in a state that made proper investigation “impossible”, as a result, the government plans to ask for a criminal investigation.
The government’s investigation also discovered that the first malware infection may have started in August 2021, earlier than the previous estimate of June 2022.