SK Telecom, South Korea’s highest-earning mobile operator, was recently hit with a record penalty of $97 million over a mega data breach that exposed the private data of a multitude of users. SK Telecom has become the telecom company with the highest fine in the country’s history. The penalty marks the beginning of severe fines on the country’s telecom operators for inadequate data protection policies for critical infrastructure. It has also shed light on the tightening of telecom regulation in response to such policies.
A lack of security patches and updates
According to reports from the authorities and the investigators of the data breach, the attackers took advantage of systemic vulnerabilities in SK Telecom’s internal network to gain unauthorized access to servers that had basic security features disabled or missing, such as passwords and security patches and updates.
The PIPC noted that the company’s systems were “very weak,” indicating that they were susceptible to intrusion. Using outdated operating systems along with weak encryption created even more risk. This is precisely how attackers were able to use the connectivity of the company’s intranet to extract confidential data.
Concluding the investigation, the PIPC affirmed that SK Telecom did not fulfill its duty to take reasonable steps to protect customers’ data and did not notify customers in a timely fashion. In his critique, chairperson Ko Haksoo declared the company to have “significant weaknesses throughout, saying SK Telecom has had the chance to make improvements, but they did not.”
The long-standing negligence resulted in leaving SK Telecom “weak and exposed.”
Apart from the fine, there are other, more severe consequences for SK Telecom concerning its defense governance. These include:
- Strengthened access control and encryption.
- Security audits every three months.
- Nomination of a Chief Privacy Officer to supervise compliance.
- Investment in modern cybersecurity systems.
SK Telecom announced that it would additionally commit 700 billion won over the next five years to enhance its already existing protective strategies.
Business sector and others’ response
SK Telecom has stated that it takes this matter seriously and that it will ensure the protection of sensitive information and cybersecurity. The company will assist the government to the fullest and will try to implement the security measures that are already planned at a faster pace.
On the other hand, the public, legislators, and politicians are very angry over the sanctions and the breach, and they believe new cybersecurity laws at the national level are a must.
The telecom networks that carry sensitive and strategic information are highly porous, and this has been expressed within the company.
This unprecedented fine sharply increases the possibility that SK Telecom and other companies will have to comply with a cyber due diligence law, which will ensure very close regulatory supervision.
Most believe this incident should make every telecom operator in the world reassess their security guidelines.
Regulators and executives say that, as cyberattacks get worse every day and as companies and governments try to protect and maintain their relationships and data, companies will need to start protecting their data in order to maintain these relationships.
In the case of SK Telecom, recovery will come not only in the form of upgrades, but also in rebuilding customers’ trust.
With the reforms SK Telecom is being mandated to make, transparency and accountability are concerns that are being pursued. At the same time, South Korea is clearly saying that, as cyberattacks become more common, any idleness or negligence will have consequences when it comes to protecting data.
