The Personal Information Protection Commission recently recommended replacing the USIM or eSIM as a measure to prevent secondary damage related to the personal information leak incident at SK Telecom. Joining a USIM protection service or changing carriers and phone numbers were also suggested as effective countermeasures, whereas replacing devices was confirmed to have little effect.
On the 2nd, the Personal Information Protection Commission announced measures to prevent 'USIM configuration and cloning' related to the SK Telecom leak incident, stating that replacing the USIM or eSIM is essential for preventing damages such as SIM swapping that involves identity theft. The main difference is that a USIM is a physical card inserted into a mobile phone, while an eSIM is a software-based solution built into the device, although their functions are the same.
A Personal Information Protection Commission official noted, 'If you replace the USIM, the International Mobile Subscriber Identity (IMSI) and authentication key (K) are reissued, so information stolen by hackers can no longer be used.' The same principle applies to eSIMs, which can neutralize attempts to clone and use existing USIM information.
Additionally, joining the 'USIM protection service' allows management by linking the device identification number (IMEI) with USIM information, making it impossible for hackers to operate a cloned USIM even if inserted into another device. Changing carriers to KT or LG Uplus or altering the phone number is also effective in neutralizing the leaked information. Switching carriers deletes the information stored in SK Telecom's Home Subscriber Server (HSS), and changing numbers alters the subscriber identification number itself, ensuring it no longer matches previously hacked information.
In contrast, changing the mobile phone device has little practical effect on preventing the use of cloned USIMs, according to the Personal Information Protection Commission, since the existing information stored in the HSS remains intact.