On the 19th, SK Telecom, which suffered a hacking attack, was found to have reduced its investment in information security over the past two years. This contrasts with KT and LG Uplus, which have steadily increased their investments in information security after experiencing past hacking damages. Industry criticism suggests that the hacking incident at SK Telecom can be blamed on the passive network security investments during the leadership of Ryu Young-sang, labeling it a 'man-made disaster.'
According to the Korea Internet and Security Agency and industry sources on the 23rd, SK Telecom's investment in information security last year was about 60 billion won, a decrease of about 4% compared to 62.7 billion won in 2022. This is less than half of the 121.8 billion won SK Telecom invested in information security last year. It also falls short of LG Uplus's investment in information security last year (63.2 billion won).
In particular, this stands in stark contrast to the approximately 19% increase in information security investment by KT and about a 116% increase by LG Uplus last year. At that time in 2022, KT's investment in information security was 102.1 billion won, while LG Uplus's was about 29.2 billion won.
KT and LG Uplus have focused on investing in information security because of their painful experiences from past hacking attacks. LG Uplus suffered a hacking attack in January 2023, leading to the illegal transaction of nearly 300,000 customer information on trading sites. At that time, the Personal Information Protection Commission imposed a penalty surcharge of 6.8 billion won and fines of 27 million won on LG Uplus.
KT also experienced an incident in 2012 when the hacking of its sales system network resulted in the leak of personal information of over 8.3 million individuals. KT had also caused a personal information leak involving 12 million individuals in 2014.
An industry official noted that 'SK Telecom's complacency, believing it had never suffered damage from hacking attacks, led to reduced investment in information security.' He said, 'Under Ryu Young-sang's leadership, the focus on investing in artificial intelligence (AI) resulted in neglecting information security investments, which has become a painful mistake.'
Critics also argue that while SK Telecom has increased its research and development (R&D) expenditures for new businesses like AI, it has been stingy in investing to protect customer information. Last year, SK Telecom's R&D expenditure was 392.8 billion won, 2.7 times that of LG Uplus (142.6 billion won) and 1.8 times that of KT (211.7 billion won).
On the 19th at around 11 p.m., SK Telecom discovered signs that some customer information related to their subscriber identification devices (USIM) had been leaked due to malicious code. SK Telecom stated, 'We immediately deleted the malicious code upon recognizing the possibility of leakage and isolated the suspected hacking equipment.'
According to industry sources, Ryu Young-sang held an emergency executive meeting on the 20th, instructing that 'swift and honest responses are important,' leading to a company-wide response. On the 22nd, Ryu communicated through an internal message, saying, 'I feel deep regret and responsibility regarding this incident,' and urged, 'Please think from the customer's perspective and respond with the best service, as well as recheck security measures in your respective positions.'
As of now, the exact scale of the damage sustained by SK Telecom from this hacking attack has not yet been confirmed.
Meanwhile, SK Telecom operates its wired business through its subsidiary SK Broadband. Even when combining the information security expenses invested by SK Broadband, the increase rate over the past two years is only 0.8%.