The rehearsal suggests a possible leak of private information from the SK telecommunications of cyber attacks

Seoul, May 19 (Korea Bizwire) – Server at SK Telecom Co., which contains data from personal information and universal subscriber identity module (USIM) from all subscribers, were compromised in a cyber attack, which made concerns made aware that critical USIM data that were used in financial transactions may have been leaked through, a common state-owned team on Monday.

According to the team's intermediate beds, the violation of June 15, 2022, when it is assumed that non -identified attackers have planted malware on the company's servers.

SK Telecom discovered the violation only a month ago on April 18.

A total of 23 SK telecommunications servers have been compromised by five, which were revealed in the previous briefing on April 29.

After a detailed analysis of 15 of these servers, the researchers found 25 malware variants: 24 BPFDoor variants and a web cell variant. The remaining eight affected servers are still being examined.

The investigators stated that 9.32 gigabyte usim data that corresponds to around 26.9 million international mobile subscribers -identity number (IMSI) are leaked through. SK Telecom currently has 25 million subscribers, including 2 million budget telephone users.

Among the affected servers were used as temporary memory for personal data such as names, birth data, telephone numbers and e -mail addresses and international data for mobile devices (IMEI).

The IMSI and IMEI are clear identifiers for every user and any device in a network and can possibly be used in financial transactions.

In her previous briefing, the investigation team said that servers who save IMEI numbers had not been infected with malware.

The team said that there was no evidence of a data injury between December 3, 2024 and April 24 of this year, according to the Hackers' available Firewall protocol data.

Between June 15, 2022 and December 2, 2024, however, no protocol data was available, which made it impossible to confirm whether leaks occurred during this time frame.

The Ministry of Science and ICT, which led the joint investigation team, said it was unlikely that Hacker can only duplicate a smartphone with the leaked IMEI numbers.

“IMEI is a 15-digit number. It is technically impossible to only duplicate a mobile phone with this number without a product key,” said Deputy Minister Ryu Je-Myung.

“We confirmed this by device manufacturers. The product key are kept with the production companies,” he added.

The investigators said that the Commission for Personal Data Protection would determine whether SK Telecom had violated the law on personal data protection violations by keeping the protocol files for four months and does not encrypt the leaked personal information.

You also demanded that SK Telecom take measures to prevent user damage.

In response to this, the company offered to replace the U.SIM of all 25 million subscribers, including 2 million budget telephone users, free of charge to prevent identity theft or finance fraud.

The company has also inscribed all users in the USIM Protection service, which, as it says, offers the same protection against non -authorized financial activities as a physical USIM replacement.

(Yonhap)