20.5k unique visitors in the last 3 days

SK Telecom Gives 50% Discount to Stem Exodus of Customers Following HSS Data Breach

CEO Yoo Young-sang announced a KRW500bn (USD370mn) customer giveaway alongside a KRW700bn (USD510mn) plan to invest in security.

Customers of embattled South Korean operator SK Telecom will get a 50% rebate on all their fees in August and higher data allowances for the rest of the year as part of a KRW500bn (USD370mn) package of loyalty incentives. The announcement, which was made by CEO Yoo Young‑sang at a press conference on July 4 (pictured) is designed to reduce the churn that has occurred following the revelation in April that the telco’s Home Subscriber Server (HSS) or an allied system had been infected with malware. That hack resulted in the exfiltration of over 9GB of highly sensitive data. The new loyalty incentives will be given to all of SK Telecom’s 24 million phone users, plus approximately 2 million users of MVNOs that run on SK Telecom’s network.

The news about the loyalty program was given soon after the announcement of the conclusions of a joint public-private investigation into the data breach. This prompted the government to order that early termination fees must be cancelled for any customer who was subscribed to SK Telecom before midnight on April 18 and who ended their subscription or intends to end their subscription by July 14. The telco’s share price underwent a sharp 3% fall in response, having previously recovered most of the losses suffered after the hack was disclosed in April, and after a 0.5% year-on-year fall in revenues headlined the Q1 financial results announced in May. Anecdotal reports of customers switching to rival operators has raised speculation that the fallout from the breach will have a bigger impact on SK Telecom’s Q2 figures. The full year earnings forecast has already been reduced by KRW800bn (USD590mn).

Ministers criticized SK Telecom’s security posture and described the firm as ‘negligent’ but the government’s reaction has otherwise been lenient, despite the seriousness of the breach. The Ministry of Science and ICT stated that hackers had first infected SK Telecom servers on August 6, 2021, approximately 10 months earlier than initial estimates. 33 types of malware were identified in total, including 27 variants of BPFdoor, a Linux-based passive backdoor associated with Chinese hackers. The only direct punishment imposed so far is a KRW30mn (USD22,000) fine because SK Telecom failed to disclose the breach within the mandatory 24-hour timeframe. This particular failing was already known, given that SK Telecom’s April 22 disclosure noted that the breach had been identified on April 19. It has since been discovered that the operator was aware of malware infections as early as 2022 but chose not to disclose them at the time.

Science Minister Yoo Sang‑im referred to the breach as “a wake-up call for the entire telecommunications industry and our national network infrastructure” but the government has chosen to kick the can down the road with more prolonged criminal investigations. They are evidently struggling to find the right balance that will hastily tighten national security without further damaging consumer confidence. Some of the telco’s straightforward security changes include giving their CISO a direct reporting line to the CEO and the addition of a cybersecurity expert to the board of directors. The telco has already completed an initiative to rewrite all USIM data so that each subscriber’s phone number is linked to their handset, complicating the process that any criminal would need to follow to hijack an account. The company is also in the process of replacing all SIM cards; almost 9.5 million have been changed out of a total of 26 million. Stores only began accepting new customers again on June 24, having previously been fully dedicated to replacing the SIMs of existing customers as quickly as possible.

Alongside the KRW500bn to be spent on the loyalty program this year, SK Telecom has also committed to spend KRW700bn (USD510mn) over the next five years on an ‘Information Protection Innovation Plan’. This will involve doubling the number of information security employees and creating a permanent Red team to test the company’s defenses. There is not a lot more detail to share, beyond the fact that this will seemingly involve a lot of committees with words like ‘protection’ and ‘trust’ in their titles. The plan includes KRW10bn (USD7.3mn) that will be donated to a national information security fund, whose purpose will be fostering cybersecurity talent in cooperation with universities and start-up security businesses.

Some people will welcome these developments as a step in the right direction. I prefer to observe that they come too late. We live in societies where the dominant paradigm is to wait until security has been shown to be inadequate, then hurriedly patch up the mess. There is a long track record of failure. We are all now victims of data breaches. SK Telecom’s failings show how deep the rot has set in, even with critical networks that carry so much of our personal data. The actions taken following the breach suggest SK Telecom sets a higher priority on security than most other telcos, and we should keep this in mind when judging how well the industry performs as a whole. The real problem is with the low expectations that have been normalized. For all the fuss this particularly egregious breach has caused in a trust-conscious society like South Korea, SK Telecom’s share price is only a little down from its peak, and their management team evidently expects to ride out this storm without any of them losing their jobs.

Eric Priezkalns
Eric Priezkalnshttp://revenueprotect.com

During his career, Eric has been a Director of Risk Management for a national telco, the Chief Executive of the Risk & Assurance Group, a Chief Marketing Officer for a software business, a consultant, a public speaker and the publisher of Commsrisk since its launch in 2006. Look here for more about the history of Commsrisk and the role played by Eric.

The comms providers that Eric has worked for include Qatar Telecom, Cable & Wireless, T‑Mobile, Sky and Worldcom. In addition to his proficiency at speaking about the current scamdemic, Eric is also a qualified chartered accountant and a subject matter expert in consumer protection, enterprise risk management, fraud prevention, data integrity and billing accuracy. Eric was the lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He can be reached through the contact form on this website.

Related Articles

The Commsrisk Global Fraud Dashboard


Our Global Fraud Dashboard uses AI-powered search to collate, update and visualize data about scams and other network abuses from around the world. New charts are added each month. See it here.

Get Our Weekly Newsletter by Email