Negligent' SK Telecom to Splash $514m on New Data Security Regime
South Korea's largest telecommunications operator, SK Telecom (SKT), has announced a significant investment in a new data security regime to "rebuild customer trust" after the government found the company to be "negligent" in dealing with a disastrous security breach earlier this year.
The security breach, which occurred on April 19th, resulted in the theft of subscriber data from up to 23 million SKT mobile subscribers. The hackers exploited malware that had infected the operator's Home Subscriber Server (HSS), compromising sensitive information including authentication keys. As a result, customers churned to rival operators, KT Corp and LG Uplus.
The South Korean government has concluded an investigation into the incident and found SKT to be "negligent" due to poor account information management, inadequate response to past breaches, and insufficient encryption of important information. The Ministry of Science and ICT noted that 25 types of subscriber data relating to 26.96 million accounts had been leaked.
As a result of the government's findings, SKT will face a fine of up to 30 million won (approximately $22,000) and may be referred for further investigation over its alleged violation of a data preservation order. However, instead of focusing on punishment, SKT has chosen to launch an Accountability and Commitment Program, which includes a $514m investment in new security systems and processes.
The program is designed to elevate the operator's information protection system to global top-tier standards and will involve significant investments over the next five years. The company plans to double its information protection team by hiring industry experts and developing in-house talent.
SKT will also establish a KRW10bn ($7.3m) fund to strengthen Korea's cybersecurity industry, with the aim of fostering talent through collaboration with prestigious universities specializing in information security. Additionally, the company will revamp its chief information security officer (CISO) role to report directly to the CEO and appoint a cybersecurity expert to the board of directors.
The Accountability and Commitment Program includes several key initiatives, including a Customer Assurance Package, which provides SIM protection for affected customers; a Customer Appreciation Package, which offers discounts and additional data for customers who signed up before the breach; and the cancellation of subscription cancellation fees for eligible customers.
SKT estimates that the cost of the Customer Appreciation Package will be approximately 500bn won ($367m), which has been reduced from its initial forecast. The company's full-year earnings forecast has also been impacted, with a reduction of 800bn won ($587m) due to the associated costs.
The introduction of this new data security regime marks a significant shift in SKT's approach to information protection and demonstrates the operator's commitment to rebuilding customer trust. As the telecommunications industry continues to evolve and become increasingly dependent on digital technologies, operators like SKT must prioritize cybersecurity and investment in robust security systems to ensure the integrity and confidentiality of sensitive data.
Full details of SKT's Accountability and Commitment Program can be found in this announcement. Stay tuned for further updates on this developing story.