
COVER STORY

Issue No. 26 When Your Security Isn't Safe: The SKT Hacking Scandal

  • Posted 2025-06-02
최지원

By Ji-Won Choi, Reporter

support0321@naver.com


          In April 2025, a data breach occurred at SK Telecom, exposing customers' USIM information. Because SKT is the leading telecommunications provider in South Korea, the compromise of its security system came as a major shock to the public. Users felt betrayed, having believed that their personal information was secure. This incident was not merely a case of personal data leakage, but a stark revelation of vulnerabilities in the nation's overall cybersecurity infrastructure.

Figure 1. Citizens Lining Up for Free USIM Replacement


Circumstances of the Incident

             On April 18, 2025, abnormal traffic was detected at SKT’s Network Infrastructure Center, marking the beginning of the incident. The Information Security Office reported the situation to the Infrastructure Operations Division, and further investigation revealed traces of malicious code activity, abnormal logs, and file deletion records on the billing analysis equipment. Analysis showed that the malware had used an advanced technique that bypassed firewalls to avoid detection.
By April 19, a full-scale forensic investigation confirmed that critical data required for USIM activation and authentication had been leaked externally. The compromised data included phone numbers, International Mobile Subscriber Identity (IMSI) numbers, and subscriber authentication keys.

             

Delayed Reporting

             According to the Information and Communications Network Act, any breach must be reported to the Ministry of Science and ICT or KISA within 24 hours of detection. However, although SKT detected abnormal activity on April 18, the company did not report the incident until April 20, after confirming the data leak. Controversy arose when KISA regarded SKT’s internal report date—April 20—as the official time of detection, concluding that the legal reporting deadline had not been missed.


Official Announcement and Countermeasures

          On April 22, SKT officially acknowledged the leak of USIM information. In response, the company quickly implemented a series of countermeasures. Starting April 23, SKT sent out text messages to all customers, guiding them to enroll in the “USIM Protection Service.” On April 25, the company announced a policy to provide free USIM replacements for all customers. Additionally, the USIM Protection Service was made available free of charge, helping to block the use of cloned USIMs on unauthorized devices. However, on April 28—the first day of the free USIM replacement service—stock shortages led to long wait times, and many customers were unable to replace their USIMs despite enduring the inconvenience.



Problems
             The main issue in this incident lies in the structural vulnerability of SK Telecom’s internal security system. Because a web application firewall was absent or malfunctioning, malicious code was not prevented from being installed on the server, and the server was configured to allow directory uploads. This indicates a failure to comply with even the most basic security protocols.
A professor of information security at Soonchunhyang University commented, “A web application firewall (WAF) is the most basic form of protection. Failing to properly implement it constitutes serious negligence and cannot be dismissed as a simple technical oversight.”
In addition, SK Telecom’s initial response to the incident was inadequate. Even after detecting abnormal signs, the company failed to take immediate actions such as isolation or blocking. This significantly damaged customer trust.


Damage and Current Status

          According to the first report released on April 29 by a joint government-private investigative team, the leaked information alone was not deemed sufficient to cause immediate damage. However, 9,000 SKT subscribers filed a lawsuit demanding a total of 4.6 billion KRW (approximately 3.3 million USD) in compensation. As a result of the scandal, SKT's stock price dropped by as much as 8.5%, marking its largest decline since 2020. In response, the government ordered a comprehensive review of the security systems across all telecom providers.


Precautions for SKT Users

          If you are currently an SKT user, it is recommended that you take the following actions. First, visit a nearby SKT service center or make an online reservation to replace your USIM card. Second, sign up for the free USIM Protection Service, which can be done through the T world app or website. Lastly, to prevent secondary damage, avoid opening suspicious messages or clicking on unknown links.


          This incident is not merely a technical failure, but a revelation of the structural limitations within the company’s overall security system. SKT’s security management is largely outsourced, resulting in a lack of control over critical processes such as USIM manufacturing and authentication. Therefore, this case underscores the urgent need for a fundamental overhaul of corporate security culture.



