It has been confirmed that LG Uplus has partly used actual mobile phone numbers in the process of assigning the International Mobile Subscriber Identity (IMSI), which is used for subscriber identification.
IMSI is a 15-digit number stored in the USIM and is a user identifier within the network composed of a country code, a mobile network operator identifier, and a personal identification number.
According to the industry on the 17th, LG Uplus has used a method that reflects part of a subscriber's actual phone number when generating an IMSI from the introduction of fourth-generation (4G) mobile service in 2011 to the present. This differs from SK Telecom and KT, which assign the personal identification number in a way that is hard to predict by using random numbers and the like.
Experts say that while hacking may not occur immediately with the IMSI value alone, there is a possibility it could lead to additional security threats, such as creating cloned phones, if combined with other information. The security industry also notes that keeping personally identifiable information in a form that is predictable over a long period was inadequate from a management standpoint.
LG Uplus says there were no clear international standards at the early stage of 4G and that it merely carried over the system used during second-generation (2G) service, so it did not violate any rules. Still, it believes there is a need to strengthen personal data protection measures and has begun to prepare corrective steps.
Starting on the 13th of next month, LG Uplus will begin USIM resetting or replacement for interested customers, and in November it plans to apply technology that allows an IMSI to be changed with only a software update.
The Ministry of Science and ICT, the Korea Internet & Security Agency (KISA), and the National Assembly's Science, ICT, Broadcasting, and Communications Committee also reportedly held two meetings with LG Uplus to discuss related measures.