SK Telecom Fined $97M by South Korea Over Data Breach

By Jazib

The privacy watchdog in South Korea has fined SK Telecom a record ₩134.5 billion ($97 million) after discovering that the mobile behemoth made many mistakes that left its network vulnerable to hackers.

The case is related to a breach that was made public in April, when SK Telecom acknowledged that hackers had stolen over 27 million members’ universal subscriber identity module (USIM) data. To put that into perspective, there are just over 50 million people living in the entire nation. By providing free SIM replacements to impacted consumers, the carrier attempted to lessen the impact, but authorities sensed a broader problem and opened a full-scale investigation into the leak.

According to the Personal Information Protection Commission (PIPC), the country's biggest and oldest carrier “did not even implement basic access controls” between its internal management network and its internet-facing systems. Consequently, attackers were able to breach SKT’s core systems, siphon off subscriber data at scale, and obtain authentication details.

According to the privacy watchdog, the breach caused damage to roughly 23 million users, which is roughly 45% of the country's entire population and makes the impact significantly smaller than what SK Telecom originally announced.

SKT failed at practically every line of defense, according to the regulator's investigation. The corporation allegedly missed unusual activity while attackers surreptitiously mapped out the operator’s infrastructure because it neglected to review logs from intrusion detection systems. The PIPC investigation revealed a particularly troubling discovery: administrators had left thousands of server credentials on a management network server in plaintext.

According to the regulator's statement, approximately 4,899 consumers along with passwords for 2,365 servers were just lying there, without even a password safeguarding access to Home Subscriber Server (HSS) databases.

It is easy to speculate as to what transpired next. It seems that attackers obtained unauthorized access to the organization's servers, installed malware, and then ran direct queries against the HSS database using the account details they had previously obtained. From that moment on, they were able to look into and collect subscriber information without even raising an eyebrow among SKT's monitoring teams.

The regulator also pointed out cryptography-related issues. It was discovered that SKT’s databases held over 26 million unencrypted USIM authentication keys, or “Ki” values, which are used to validate subscribers and provide mobile services. That error would have given hackers the ability to duplicate SIM credentials, increasing the risk of widespread identity theft or cloned devices using authentic accounts.

The PIPC stated in its conclusion that:

“The security operating environment between the internet and the internal network was managed and operated in a state that was very vulnerable to illegal intrusion”.

In addition to the astronomical penalty, SKT has been ordered to put in place a number of corrective measures, such as stronger access controls, adequate encryption, and real-time monitoring of its intrusion detection systems. According to the PIPC, the severity of the violations and the volume of private data at risk were both reflected in the penalty’s magnitude.

The PIPC’s decision serves as a warning that telecom firms are valuable targets for hacking and espionage, and that regulators are growing impatient when operators skimp on essentials. It also follows global warnings. According to a story published yesterday by The Register, the Chinese state-sponsored team Salt Typhoon, which has been penetrating international telecom routers since at least 2019, keeps wreaking havoc inside corporate networks.

The distinction here is that SKT was burnt without any need for a nation-state APT. The regulator in South Korea asserts that reckless behaviors were more than enough to let hackers gain access and steal subscriber data.

Jazib Khaleel is the founder of TechObserver, a technology news website that covers trends in tech, focusing on the United Kingdom. He is a Google Certified Digital Marketing Strategist.