The SKT hacking and the leak of personal information of 26.95 million people are at a more serious level than the announced incident.

The hacking incident involving SK Telecom (SKT) has been revealed to be much more serious than initially announced, and a ripple effect is expected. The joint investigation team announced the results of their second investigation on the 19th, revealing that the number of infected servers has surged from 5 to 23, and that over 26.95 million pieces of personal information have been leaked. Additionally, the possibility of a further leak of approximately 290,000 device-specific identifiers (IMEI) has been confirmed, adding to the gravity of the situation. The investigation team confirmed that a total of 23 servers were infected with malicious code, which is more than four times the 5 servers reported in the first announcement. The scale of the leaked information is also shocking. It was confirmed that approximately 26,957,749 pieces of information were leaked based on subscriber identification numbers (IMSI). This number far exceeds the total number of SKT subscribers, including SIM cards installed in smartwatches and IoT devices. Particularly, the previously announced statement that IMEI information was not leaked has been challenged, as new evidence shows the possibility of leakage. Among the infected servers, two were found to contain 291,831 IMEI numbers along with sensitive personal information such as names, birth dates, phone numbers, and emails. An examination of SKT’s security investment reveals that this incident was foreseeable. SKT’s security investment in 2024 was only 60 billion won, which is just one-tenth of the 600 billion won allocated for AI projects that year. This amount is less than half of the 121.8 billion won invested by its competitor KT. The security investment per subscriber also shows a stark difference: SKT 2,400 won, KT 6,700 won, and LG Uplus 4,000 won. While SKT reduced its security investment by 4.4% from 2022 to 2023, KT and LG Uplus increased theirs by 19.2% and 116.4%, respectively. Structural issues within SKT’s security system have also been exposed through this incident. Although a Chief Information Security Officer (CISO) existed, actual network security authority was held by the Infrastructure Security Team under the Network Operations Division, with the CISO limited to policy roles. Furthermore, SKT has not held a single major information security meeting this year. Despite Trend Micro, a global security firm, warning of potential BPF door attacks targeting Korean telecom companies in July and December 2024, SKT failed to recognize these warnings. The investigation team revealed that a total of 25 types of malicious codes were discovered. The initial malware infection is estimated to have occurred on June 15, 2022. Given the prolonged hacking attack over three years and the extensive damage, there are calls for measures to be taken at the national security level, beyond individual companies. SK Group Chairman Chey Tae-won admitted after the incident that “up to now, security has been considered solely within the ICT sector, relying only on dedicated teams.” SKT remains passive about expanding security investments, stating, “We will establish plans after the joint investigation team’s findings are released.” This incident is seen as a clear example of SKT, as Korea’s leading telecom provider, revealing the limitations of its management philosophy, which perceives security merely as a cost.

===============================

It turns out that information was being leaked for three years due to a security breach.

All those phishing calls and personal information leaks were coming from the telecommunications companies..

They say that the SIM card protection service is meaningless. They say I have to change my phone as well.

It's frustrating.