Nearly 27M SIM card info leaked in SK Telecom breach

A joint public-private investigation revealed that 26.96 million international mobile subscriber identity (IMSI) numbers were compromised in the SK Telecom data breach on April 19, South Korea’s Ministry of Science and ICT (MSIT) said.

The Ministry previously said that “no device-unique identifiers (IMEI numbers) were leaked during the breach,” according to task force investigators.

Investigators also verified that customers enrolled in SK Telecom’s USIM Protection Service are safeguarded against illegal activities such as SIM swapping or the cloning of a user’s SIM card to commit fraud using another device.

In a May 12 earnings report, SK Telecom said it “has elevated its Fraud Detection System (FDS) — which blocks abnormal authentication attempts — to its highest operational level,” and that it has “also completed automatic enrollment in its SIM card protection service for all eligible customers.”

SK Telecom also launched a new “SIM Reset” solution, which blocks SIM cloning by modifying certain information on the existing SIM without the need to physically replace it. The SIM card protection service has also been upgraded “to ensure the protection of customer information even while using overseas roaming,” the company said.

“To expedite the replacement process, SK Telecom has temporarily suspended all new subscriber recruitment and number porting services at over 2,600 T World stores nationwide, focusing exclusively on SIM replacement services,” it added.

As of May 19, authorities had discovered 25 types of malware and 23 hacked servers.

SK Telecom also acknowledged the findings: “We have isolated 25 types of discovered malware and 23 infected servers, and there has been no confirmation of leakage of 290,000 IMEIs (international mobile equipment identity), terminal cloning is virtually impossible, and the network is also blocked through FDS.”

According to a security expert, the scale of the SK Telecom data breach is proof of the power of malware campaigns and the urgent need for proactive security measures.

“Organisations that protect sensitive data have a responsibility to take proactive security measures to protect their customers’ information. Real-time monitoring, security audits, and implementing a zero-trust security architecture can help secure an organisation’s digital assets,” noted Darren Guccione, CEO and Co-Founder, Keeper Security.