Regulatory Body in South Korea Imposes Sizeable Penalty on SK Telecom Due to Years of Overlooked Infractions in Cyberspace
In a significant development, South Korea's SK Telecom has been hit by a data breach that has raised major security concerns, particularly in the United States. The breach potentially endangered Federal Bureau of Investigation informants and has significant implications for national security, as highlighted by lawmaker Yu Yong Weon.
According to Yu, a defence and military affairs expert, hackers with access to call data records could potentially reconstruct entire call logs, exposing sensitive communications at the highest level of government. This concern has led to a call for a unified government response to cyberattacks and improved intelligence sharing on cyber threats, as proposed by Yu in the form of a National Cybersecurity Act.
The Personal Information Protection Commission (PIPC) in South Korea has fined SK Telecom Co. 134.8 billion won ($97 million) for failing to protect customer data and not reporting breaches in a timely manner. The PIPC expressed frustration about SK Telecom's lack of action in addressing its vulnerabilities and ordered the company to improve its oversight.
PIPC Chairman Ko Haksoo stated that SK Telecom had been in a vulnerable state for a long time, with significant weaknesses across the board. There were opportunities for SK Telecom to identify and address these issues over time, but the company missed those chances and continued to overlook them for a long period.
The SK Telecom hack has also been linked to China-linked hackers, with reports suggesting that these hackers breached telecom operators, including AT&T Inc., allowing them to monitor the phones of senior US officials. Following an investigation of the attack, the Ministry of Science and ICT in July said the carrier should waive penalties for customers looking to leave the network.
In response to the PIPC's decision, SK Telecom has pledged to prioritize personal data protection in all business activities. The company has also expressed regret over the decision against them. The newly proposed National Cybersecurity Act aims to address these types of security concerns and unify the government's emergency response to cyberattacks.
The name of the Korean legislator who discussed security concerns regarding the SK Telecom hack and proposed a National Cybersecurity Act in July 2022 is Kim Hyung-jun. This incident serves as a reminder of the importance of securing sensitive data and the need for robust cybersecurity measures in the digital age.
