SEOUL: A joint investigation by government and private sector authorities has revealed that a cyberattack targeting SK Telecom Co. may have resulted in the exposure of sensitive user information, including universal subscriber identity module (USIM) data.
According to interim findings released Monday, the breach is believed to have originated on 15 June 2022, when unknown perpetrators infiltrated the company’s servers by installing malicious software. A total of 23 servers were affected, all of which store four types of USIM data, including international mobile subscriber identity (IMSI) details.
The IMSI is a unique code used to identify individual users within a network and is considered critical due to its potential use in financial transactions. The possible compromise of such information has raised serious concerns among data security experts and financial institutions.
Further investigation revealed that two of the 23 compromised servers had also been used as temporary storage for personal customer information, including names, dates of birth, mobile numbers and email addresses. Authorities are currently working to verify the exact nature and volume of personal data held on these two servers.
SK Telecom only discovered the breach on 18 April, nearly two years after the initial intrusion. Investigations remain ongoing to assess the full extent of the damage and determine whether any data has been misused or leaked externally.
-Yonhap
