[Alpha Biz= Kim Jisun] On May 19, South Korea’s joint government-private task force investigating the SK Telecom cyberattack revealed in its second report that malware had been present on a server containing sensitive personal information—including IMEI numbers (unique device identifiers), names, contact details, and birthdates—for over three years without the company’s knowledge.
This follows an earlier report last month in which the government stated there was no IMEI leak and thus "no risk of criminal misuse." However, in light of the latest findings, the government walked back that stance, now saying that even if IMEI data was leaked, “creating a cloned phone is physically impossible.”
The revelation that the country’s largest telecom operator failed to detect malware for three years—and that the government’s stance on potential risks has changed—has reignited public concern. Many consumers, already shaken by the initial breach, had rushed to sign up for SIM protection services or replace their SIM cards, and are now expressing renewed anxiety.
A government official attempted to reassure the public, stating: “Smartphone manufacturers and telecom providers confirm that it is physically impossible to create a cloned phone and that such devices are completely blocked from accessing the network. There is no need for excessive concern.”
Two key findings emerged from this second report:
Volume of Exposed Data: A total of 26,957,749 records, amounting to 9.82 GB, were confirmed to have been compromised. This figure exceeds the combined number of subscribers to SK Telecom and its budget phone affiliates, which stands at around 25 million.
Sensitive Data Exposure: Contrary to initial claims, the report confirmed the possibility of leaks involving IMEI numbers, names, and birthdates. Specifically, malware was discovered on a server containing 291,831 IMEI records. The malware was planted in June 2022, and only log data from December 3, 2023, to April 24, 2024, remains available. The task force stated that no data exfiltration was detected during that five-month window. However, because logs from June 2022 to December 2023 are unavailable, it remains impossible to determine if leaks occurred during that period.
SK Telecom maintains that, based on a broad review of network traffic and data flow, there is no evidence of data having been leaked externally during that time.
AlphaBIZ Kim Jisun (stockmk2020@alphabiz.co.kr)