SKT, the first abnormal recognition was on the 18th... Violated regulations by reporting hacking within 24 hours

SK Telecom [017670] was aware of the hacking attack earlier than the day before, when they recognized the theft of customer information on the 19th, and it was found that they violated the regulation requiring reporting within 24 hours of incident awareness.

 

According to data submitted by K Telecom to the National Assembly's Science, Technology, Information, Broadcasting, and Communications Committee on the 24th, the company first became aware on the 18th at 6:09 PM that internal system data had unintentionally moved.

 

On the same day at 11:20 PM, we internally confirmed the discovery of malicious code and a hacking attack, and on the following day, the 19th at 1:40 AM, we began analyzing which data had been exfiltrated.

SK Telecom, after analyzing what kind of data was leaked, confirmed around 11:40 PM on the same day, 22 hours later, that some information related to user SIM cards had been leaked due to malicious code by hackers.

SK Telecom is suspected of delaying reporting after discovering a hacking attack and reporting it to the Korea Internet & Security Agency (KISA).

The report from SK Telecom to KISA was made at 4:46 PM on the 20th, which is 45 hours after the initial awareness of the incident at 6:00 PM on the 18th.

Even based on the time of 11:20 PM on the 18th, which was considered a hacking attack, the report was made just over a day later.

The Information and Communications Network Act stipulates that providers of information and communication services must report to the Minister of Science and ICT or KISA within 24 hours of becoming aware of a security breach, including details such as the date and time of the incident, causes, and extent of damage.

KISA also announced that SK Telecom violated the regulation requiring reporting of hacking attacks within 24 hours to Minister Choi's office.

Regarding this, SK Telecom explained, "Considering the seriousness of the issue, the delay in reporting the cyber intrusion incident was due to a more thorough investigation of the minimal causes and damages necessary for reporting, and there was no intentional delay."

Meanwhile, SK Telecom is providing a SIM card protection service to prepare for situations where hackers create cloned phones using leaked SIM card information to cause financial damage. It has been identified that users who have not subscribed to this service are also exposed to security vulnerabilities, raising concerns.

SK Telecom explained that for users who have not applied for the SIM card protection service, if their mobile phone remains turned on, the device control may not be seized by hackers, but if the phone is turned off or switched to airplane mode, this may not be the case.

If the mobile phone turns off or switches to airplane mode, there is a possibility that hackers could hijack access rights through the SIM card information.

However, those who have applied for the SIM card protection service are not exposed to these risks.

SK Telecom stated, "Even if the mobile phone is turned off, we are doing our best to block illegal SIM card device changes through the abnormal authentication attempt blocking system (FDS)."

Commissioner Choi said, "Since the SK Telecom hacking incident occurred, consumer concerns have been increasing. We will prepare measures at the national assembly level to prevent the spread of damage caused by security breaches and to prevent recurrence."

 

===========================================

 

It's really frustrating that our country's largest telecommunications company is behaving like this...

 

This is why my security gets compromised, I use my phone normally, then I get activation texts and money gets taken... that's how it goes.

 

It seems that legislation should be introduced to ensure that both telecommunications companies and bank banking programs can be compensated if legal issues arise.