US FOMC Rate Hike... Korea-US Interest Rate Difference 2%p ‘Highest Ever’
G05-7182802122
PIPC Imposes KRW 134.8 Billion Penalty on SKT...The Largest Sanction Ever
NSP NEWS AGENCY, By Geul-sam Kwon and Bok-hyun Lee, 2025-08-29 13:10 ENX7
(Seoul=NSP NEWS) = On August 27, the Personal Information Protection Commission (PIPC) held a plenary meeting and imposed a disgorgement penalty of KRW 134.791 billion and an administrative fine of KRW 9.6 million on SK Telecom in response to a large-scale personal information leak.
This marks the largest sanction ever imposed in South Korea for a single data breach incident.
The breach involved the unauthorized leakage of 25 categories of personal information, including mobile phone numbers, IMSI (International Mobile Subscriber Identity), and SIM authentication keys (Ki), affecting approximately 23.24 million LTE and 5G subscribers. In particular, concerns over SIM cloning have been raised, as it was revealed that the authentication keys had been stored in plaintext.
G03-9894841702
According to the PIPC’s investigation, SK Telecom failed to fulfill several basic security obligations, including:
Operating without separation between external internet networks and internal management networks; Storing thousands of server account credentials (IDs and passwords) without encryption; Leaving well-known system vulnerabilities unpatched by failing to apply operating system security updates; Failing to encrypt SIM authentication keys.
Additionally, SK Telecom failed to notify affected users within the legally required 72-hour window after confirming the breach, potentially exacerbating user damages.
As part of its corrective measures, the PIPC ordered SK Telecom to overhaul its company-wide personal data management system, strengthen the authority of its Chief Privacy Officer (CPO), and obtain ISMS-P (Information Security Management System - Personal Information) certification for its core telecom network infrastructure.
The Chairperson of the PIPC stated, “This case shows that personal information protection is not a choice but an essential investment for companies,” adding, “Large-scale data-handling companies must view privacy protection not as a cost, but as a core responsibility.”
ⓒNSP News Agency·NSP TV. All rights reserved. Prohibits using to train AI models.