Recently, concerns about personal information leaks are spreading among budget phone subscribers using the SK Telecom network that was recently attacked by hackers. This is due to the perception that although SK Telecom manages its own network and the budget phone network servers separately, the security management of the budget phone network servers may have been relatively neglected.
SK Telecom announced on the 24th that it would provide a "SIM protection service" to customers of 14 budget phone companies using its network. This comes after SK Telecom began offering the SIM protection service to its customers on the 22nd, taking action belatedly. According to the Ministry of Science and ICT, the number of budget phone subscribers using the SK Telecom network is approximately 1.87 million.
A budget phone user named Kim (41) said, "I know that we use the same network as SK Telecom, but since we were hacked, there's a possibility that budget phone subscriber information was also compromised. Still, I feel that the protective measures came late, causing significant dissatisfaction." Another subscriber named Park (37) also noted, "Budget phone subscribers are customers using the SK Telecom network, and I am disappointed with the differential and slow response, so I plan to switch to a budget phone that uses the KT or LG Uplus networks."
The growing anxiety among budget phone subscribers is due to past precedents. It was confirmed that when LG Uplus was hacked in January 2023 and 300,000 customer information was leaked, the information of more than 19,000 budget phone users was also leaked.
According to industry sources, SK Telecom manages the servers of budget phones and its own network separately. In contrast, KT and LG Uplus manage the servers of budget phones and their own networks together. While the consolidation of network servers means that if the servers are breached, budget phones may also be compromised, there is an advantage for small budget phone companies in that the large telecommunications companies invest resources to manage server security.
An industry official said, "SK Telecom operates a system called 'Mobius' on a separate server and program that manages information related to budget phone subscriber activation, line maintenance, and billing. Budget phone companies attach an API (application programming interface) to send and receive data for managing customer information. Therefore, security management of the budget phone network servers is entirely dependent on SK Telecom."
An industry source stated, "If the SK Telecom network server is breached, it seems likely that the budget phone network server would be even more vulnerable in terms of security personnel deployment and operational aspects."
Budget phone companies, which are struggling with a recent decline in subscribers, are reducing their own security investments. According to the Korea Internet Security Agency (KISA), SK Telink's investment in information security last year was 1.6 billion won, a decrease of about 15% from 1.8 billion won in 2022. During the same period, LG HelloVision's investment in information security was 2.57 billion won, down 42% from 4.45 billion won the previous year.
SK Telecom has not yet determined the exact scale of the damage or the precise timing of the hacking. It has also been reported that the company violated regulations requiring it to report an incident to authorities within 24 hours of becoming aware (Article 47 of the Telecommunications Network Act). The company announced that it became aware of the hacking on the 19th of this month, but according to People Power Party Representative Choi Soo-jin's office, it was revealed that it was actually at 6:09 p.m. on the day before, the 18th.
The Telecommunications Network Act stipulates that service providers must report the date and time of the incident, its cause, and damage details to the Minister of Science and ICT or KISA within 24 hours of becoming aware of an incident. The reporting time for SK Telecom to KISA was 4:46 p.m. on the 20th.
Professor Ahn Jeong-sang of the Graduate School of Communication at Chung-Ang University noted, "The anxiety among budget phone subscribers using the SK Telecom network is due to the company's negligent response. In a situation where there is a possibility of personal information leakage, failing to take proactive measures and providing the SIM protection service two days late is clearly a delayed response."