SK Telecom fined 134.8 billion won for major data breach

The Personal Information Protection Commission has fined SK Telecom 134.791 billion won for a massive personal data breach caused by hacking. The fine is the largest ever imposed by the commission, exceeding the 100 billion won penalties levied on Google and Meta in 2022. On Aug. 28, the PIPC held a briefing at the main building of the Seoul Government Complex in Jongno District, Seoul, and said SK Telecom would also face an additional administrative penalty of 9.6 million won. The fine serves as an administrative sanction to recover economic gains obtained through legal violations, while the administrative penalty addresses procedural breaches, such as failure to report or notify.

According to the PIPC’s investigation, hackers infiltrated SK Telecom’s core authentication server (HSS) on April 18, leading to the leak of critical personal information, including phone numbers and SIM authentication keys (Ki), for all 23.24 million LTE and 5G users, totaling 26.96 million records. “When determining the level of sanctions, we consider the severity of the case," PIPC Commissioner Ko Hak-soo said. "Within the commission, there was a consensus that this incident is extremely serious.”

On the same day, SK Telecom said it takes the decision with a heavy sense of responsibility. “It is regrettable that the company’s actions and position were not fully reflected in the outcome, despite being thoroughly explained during the investigation and deliberation process,” the company added. SK Telecom is reportedly considering filing a lawsuit, arguing that the size of the fine is excessive.


임재혁기자 heok@donga.com