On the 19th, attention is focused on SK Telecom's future crisis management and response measures following the hacking attack. Although the company has explained that important information such as customer resident registration numbers was not compromised in this incident, the industry and civic groups are concerned that the leaked subscriber identification module (USIM) related information could be misused in crimes such as identity theft. Given that SK Telecom is the leading mobile carrier in South Korea with 23 million subscribers, it seems inevitable that there will be damage to the corporate brand image depending on the extent of the harm.
Previously, LG Uplus supported USIM replacement costs for customers affected by hacking in 2023, avoiding legal disputes. In contrast, KT did not take any substantial compensation measures in 2012, resulting in a prolonged class-action lawsuit with customers.
◇ Investigation period varies depending on the method of malicious code attack
On the 19th at 11 p.m., SK Telecom became aware of the hacking damage and reported it to the relevant authorities and police. However, the exact timing and scale of the hack, as well as the types of leaked information, are still unclear. Both SK Telecom and the Ministry of Science and ICT are currently investigating the exact cause and status of the incident, keeping their statements regarding the matter to a minimum.
Experts believe that the greater the gap between the actual hacking incident and the recognition of it by the company, the greater the company’s responsibility will be. Yeom Heung-yeol, chair of the Korea Personal Information Protection Chief Officers Council and a professor emeritus at Inha University, noted, "The duration of the investigation depends on how the malicious code disrupted the system. If the malicious code deleted all the paths from which data was leaked, the investigation could take a considerable amount of time."
KT previously suffered a hacking incident in 2014 that leaked personal information of 12 million customers but was unaware of the incident for a year. LG Uplus faced criticism for inadequately concluding investigations without identifying the perpetrators or hacking methods after being attacked in 2023.
Chair Yeom stated, "If key information contained within the USIM has been leaked in an encrypted form, it would be difficult for the hacker to decrypt it. However, if the original data is intact, it would be easy to misuse it for crimes such as sending messages impersonating users." He added, "In the worst case, SK Telecom may have to bear the costs of replacing all users' USIMs." Assuming the cost of a USIM is 1,000 won, it would cost SK Telecom approximately 23 billion won to replace the USIM chips of all 23 million customers.
Civic and consumer groups are calling for measures to be put in place regarding this hacking incident. The People's Solidarity for Participatory Democracy stated, "This is a serious incident that could be exploited for significant criminal acts," and added, "The government must establish a task force for the SK Telecom USIM information leak incident, involving victims' representatives and consumer and civic organizations, to conduct a government-wide investigation of damages, recovery efforts, and prevent recurrence." Jeong Ji-yeon, secretary-general of the Korea Consumer Federation, said, "If it is revealed that security management was inadequate in the results of the authorities' investigation, we will consider plans for a class-action lawsuit."
◇ KT faces lawsuit with customers; LG Uplus offers 10 times fee reduction
There is growing interest among customers regarding SK Telecom's future compensation measures. This is because LG Uplus had previously established and implemented customer compensation plans as a corporation.
In January 2023, LG Uplus experienced a hacking attack that resulted in approximately 300,000 customer information records being publicly disclosed on illegal transaction sites. In February of the same year, internet access issues occurred due to distributed denial of service attacks.
At that time, LG Uplus formed a compensation deliberation committee and decided approximately two months after the incident to reduce fees by 10 times for the hours of internet connection disruption. Up to 710,000 won was paid in cash to PC room operators, and customers concerned about personal information leakage were given free USIM replacements. It is estimated that about 40 billion won was spent on compensation for the DDoS attack damage and about 2.4 billion won on free USIM replacements.
In 2012, KT leaked the personal information of about 8.7 million customers due to a hacking attack. Some customer protection measures were taken, such as providing free USIM protection services, but there was no voluntary compensation like LG Uplus. In response, consumers filed a class-action lawsuit demanding compensation. After a long legal battle, the Supreme Court ruled in 2018 that KT was not at fault, stating it was a technical issue and lacked intent.
A telecommunications industry official said, "LG Uplus, which stepped up to compensate customers, avoided legal disputes and also achieved some recovery of trust in its services, whereas KT's image suffered due to its disputes with customers."
It seems that it will take considerable time for SK Telecom to prepare compensation measures for its customers, as the exact extent of the damage and causes of the incident have not yet been determined.
SK Telecom is cooperating with the investigation by the relevant authorities while implementing initial user protection measures. To prevent customer harm, it is strengthening measures to block abnormal authentication attempts and informing consumers about the free service 'USIM protection.' This service blocks unauthorized access from others who might replicate or steal USIM information to connect to communication services on other devices.
Yang Mo, a 28-year-old SK Telecom subscriber, said, "So far, there has been no text message notification regarding this incident. I am disappointed with the company's response to customers. I will be watching how they compensate in the future."
Lee Eun-hee, a professor in the Consumer Studies department at Inha University, stated, "If SK Telecom references the compensation measures of its past competitors and cases of lawsuits with consumers, it would be helpful in preparing future responses. They should actively work on compensation plans to expect positive effects on recovering their damaged corporate image due to the hacking incident."