SK chief apologizes over SK Telecom data leak

Chey Tae-won calls hacking incident national security issue, pledges reform

SK Group Chairman Chey Tae-won bows to apologize for the recent data leak during a press conference in Seoul on Wednesday. (Im Se-jun/The Korea Herald)

SK Group Chairman Chey Tae-won apologized on Wednesday for a recent hacking incident at SK Telecom that led to a massive data leak, pledging to bolster cybersecurity across the conglomerate’s affiliates.

Chey’s apology came 19 days after the country’s largest mobile carrier with 25 million subscribers -- nearly half of Korea’s population -- disclosed that it had suffered a cyberattack and subsequent data breach of customers’ USIM data on April 18.

The data breach, caused by a malware attack inside a key internal system called the Home Subscriber Server, resulted in the leak of about 9.7 gigabytes of data. As of now, the exact cause and the identity of the attacker have not been officially confirmed.

“I sincerely apologize on behalf of SK Group for causing concern and inconvenience to our users and the public due to a cyberattack at SK Telecom,” Chey said at a press conference held at SK Telecom’s headquarters in Seoul.

Chey acknowledged the difficulties customers have faced, including long waits at retail stores to receive new USIM cards, and expressed regret at the company’s inadequate communication and response following the incident.

“We will fully cooperate with the government investigation to identify the cause of the breach and to prevent further damage to customers,” Chey said. “Separately, we will inspect the overall cybersecurity system of all SK affiliates and expand investment in security systems.”

He also announced that the company will set up a new information protection innovation committee, comprising outside experts. SK Group plans to set up the new committee under the Supex Council, the conglomerate’s top decision-making body.

“It is crucial that we properly establish a security system and address the issue not just as a security issue, but as one that concerns national security and lives,” he said.

At the press conference, Chey revealed that he has not replaced his own USIM card but is subscribed to the company's USIM Protection Service.

The company asserts that the USIM Protection Service effectively blocks the use of illegally cloned USIM cards on other devices, providing the same level of protection as physically replacing the USIM.

As of Wednesday, all 24.11 million eligible customers have joined the USIM protection service, according to the company. About 1 million users remain unenrolled, as the service is currently incompatible with international roaming plans. The company said it is upgrading its system to allow users to use both services by May 14.

Meanwhile, some 1.07 million users have switched their USIM cards so far. The company began offering free USIM chip replacements to all users on April 28, but the swap process has been hampered by overwhelming demand and a supply crunch.

The company said it plans to secure around 5 million additional USIM cards this month and another 5 million in June, vowing to speed up the replacement process.

Following the hacking incident, SK Telecom has experienced a user exodus to its main rivals, KT and LG Uplus.

Amid growing calls to waive early termination fees for users, Chey said the issue is still under review. “I also hope this issue will be resolved in a way that causes no inconvenience to customers,” said Chey. “Concerns over user fairness and legal matters must also be reviewed. SK Telecom’s board of directors is currently discussing the matter.”