SK Telecom announced its "Responsibility and Commitment" program on the 4th as a response plan to the hacking incident and will provide compensation to all subscribers. The compensation is budgeted at 500 billion won. Through this, they plan to offer various benefits, including a 50% discount on user fees in August. They will also allocate 700 billion won for information security.
SK Telecom also accepted the government's recommendation to waive penalties. The plan is to waive penalties for customers who cancel their contracts after the hacking incident among subscribers who had contracts as of midnight on April 18, prior to the incident, and for those who are scheduled to cancel by July 14.
A penalty is the amount to be returned for discounts received when terminating a contract early during the commitment period, which includes returns of device support payments or voluntary subscription discount returns. However, installment payments for devices, purchased separately from the telecommunication service agreement, do not qualify for the penalty waiver.
The penalty waiver is expected to proceed in the form of a refund for penalties already paid upon application. Ryu Young-sang, President of SK Telecom, held a press conference regarding compensation for the hacking incident at SKT Tower in Jung-gu, Seoul, and said, "All SK Telecom employees take the results of the public-private investigation body very seriously and sincerely apologize once again to customers and society for the cyber breach incident."
◇500 billion won invested in customer compensation
SK Telecom prepared the compensation plan after an emergency board meeting following the announcement of the investigation results of the cyber breach incident by the Ministry of Science and ICT's public-private investigation team. The "Responsibility and Commitment" program prepared by SK Telecom consists of ▲ a 'Customer Relief Package' to prevent damage to customers caused by the breach ▲ a 'Security Innovation Plan' with a total investment of 700 billion won over the next five years ▲ a 'Customer Appreciation Package' worth 500 billion won available to all 24 million SK Telecom customers ▲ and the 'Waiver of Penalties for Contractual Customers' among others.
SK Telecom stated, "In connection with the cyber breach incident, we announced the 'Customer Appreciation Package' after consulting with the Customer Trust Committee and obtaining board approval to thank customers who trusted and waited for us," adding that they plan to offer various programs worth 500 billion won.
The ‘Customer Appreciation Package’ targets approximately 24 million customers of SK Telecom and budget phone users using the SK Telecom network as of midnight on July 15. This includes a discount on telecommunication fees in August, additional data until the end of the year, and significant expansion of membership discounts.
SK Telecom will discount the August telecommunication fees by 50% for all customers (as of midnight on July 15). There will be no separate application process for customers. A 50% discount will be automatically applied to the telecommunication fees (monthly fee + text/voice/data call charges) used in August. Details of the discount will be available through all channels that inform about telecommunication fees, including the September paper bill and T World.
SK Telecom plans to support a 50% discount on the August telecommunication fees (monthly fee + text/voice/data call charges) for budget phone customers as well, in consultation with budget phone operators using its network. Additionally, SK Telecom will automatically provide all customers (as of midnight on July 15) with an additional 50GB of data per month from August until the end of the year, without a separate application.
Some children and youth plans that limit data do not include the basic provision of 50GB. Legal representatives can choose whether to provide the data via the customer service center and agencies. If there are minors under the age of 19, the legal representative can choose whether to provide the data.
SK Telecom plans to provide all customers with a year of free mobile device security solutions (ZIMPERIUM) capable of responding to the latest cyber threats. The solution will be offered to customers in the second half of this year after a preparation period.
SK Telecom plans to implement a 'Cyber Breach Compensation Guarantee System' to support the compensation process for damage caused by SIM card duplication in the event of a cyber breach. They have increased the limit for cyber breach-related corporate insurance from 1 billion won to 10 billion won, establishing a system to facilitate compensation for potential future cyber incidents.
SK Telecom stated, "We will thoroughly prepare technologically to prevent damage to customers related to the breach incident" and noted, "We plan to be well-prepared to respond to potential future cyber breaches."
SK Telecom announced its ‘Security Innovation Plan,’ which aims to establish a global top-level information security system with an investment of 700 billion won over the next five years, along with various enhanced security measures. This ‘Security Innovation Plan’ includes definitive protection measures against the recent breach incident and long-term strategies for enhancing security capabilities.
The company will double the recruitment of specialized cybersecurity personnel and cultivate internal personnel. They also plan to significantly increase investment funds for strengthening security technologies and systems. Additionally, a grant of 10 billion won will be contributed to activate the domestic cybersecurity ecosystem.
The governance related to cybersecurity will also be reorganized. SK Telecom will elevate the Chief Information Security Officer (CISO) organization under direct control of the CEO to enhance responsibilities and roles, and establish a Red Team to assess and improve the company's security status while bringing in security experts to the board.
SK Telecom plans to expand the personal information management system certification (ISMS-P) supervised by the Personal Information Protection Commission to include telecommunications infrastructure and systems and will apply personal information impact assessments, which are mandatory only for public institutions. Internal development and operational processes will be designed with a focus on personal information protection, and they will also promote industry-academic cooperation R&D for the development of next-generation information security technologies. They plan to listen to customers' voices through a public participation project that solicits ideas on personal information protection.
They will actively verify the security level in collaboration with a special information security innovation committee composed of academic authorities on personal information protection, cyber investigation advisory members, and industry experts. Plans also include conducting regular penetration tests with globally top-level white hackers to check for vulnerabilities and improve security.
Ryu Young-sang, President of SK Telecom, stated, “We prepared this ‘Responsibility and Commitment’ program as a gesture of gratitude for our customers who trusted and waited for us and to fulfill our responsibility regarding this incident, as well as expressing our commitment to become a company with strong security.” He added, “I sincerely apologize once again for this breach incident and will do my best to establish an information security system that customers can trust and feel secure.”