South Korea

Yonhap | English | News | Nov. 6, 2025 | Privacy

A state mediation panel in South Korea has advised SK Telecom to pay 300,000 won (US$208) in damages to each complainant affected by a data breach that occurred in April. This recommendation came after 3,998 individuals, including three group dispute cases, sought mediation regarding the incident.

The data breach involved a cyberattack on SK Telecom's main servers, potentially compromising the USIM data of 23 million subscribers. Following the attack, SK Telecom implemented a 500 billion-won compensation program offering mobile rate cuts, additional data, and discount coupons starting in August.

The mediation committee determined the compensation amount based on the anxiety and inconvenience experienced by the affected subscribers. The proposal also included recommendations for SK Telecom to enhance its internal controls and data security measures. Both SK Telecom and the complainants have 15 days to accept the proposal before the case is closed without settlement.

내년 사이버위협은 무엇?..."AI 악용 공격 두드러질 것"

ZD Net Korea | Local Language | News | Nov. 6, 2025 | Cyber Attacks and Data Loss

Major security firms have identified artificial intelligence (AI) misuse, state-backed cyberattacks, and ransomware as the top cybersecurity threats for 2026. The advancement of AI is expected to increase the sophistication and frequency of cyberattacks, while state-sponsored threats from countries like China and North Korea continue to pose national security risks. Ransomware targeting domestic companies also remains a persistent issue.

Companies such as Genians, Everspin, and Igloo Corporation highlighted ongoing ransomware attacks against major firms and persistent state-backed attacks on government entities. AI-related threats include both direct attacks on AI models and the use of AI-powered tools to automate and enhance attacks. The overall security of supply chains and the AI ecosystem is expected to be a significant concern.

Igloo Corporation emphasized the complexity of cyber threats due to the convergence of AI technology diffusion and geopolitical tensions, particularly referencing AI supply chain attacks and the cyber resilience needs of the AI ecosystem. Genians noted that AI is lowering the technical barrier for executing cyberattacks, thereby expanding the pool of potential attackers and continuing to target vulnerable websites and services, especially in the financial sector.

Oasis Security also warned of the evolution of AI-based attacks such as spear phishing and automated attack chains, with state-backed attacks potentially spreading from telecoms to other critical infrastructure. Ransomware attacks are predicted to persist by changing only their initial access points. Security experts expect that rather than new methods, existing cyber threats will become more advanced, demanding heightened vigilance and response efforts.

개인정보 분쟁조정위 "SKT, 인당 30만원 배상해야"

ZD Net Korea | Local Language | News | Nov. 6, 2025 | Privacy

The Personal Information Dispute Mediation Committee, part of the Personal Information Protection Commission, ruled that SK Telecom (SKT) must pay 300,000 won in damages to each applicant affected by the leak of personal information of 23 million subscribers. The decision, made during the committee's 59th plenary meeting on November 3, 2025, requires SKT to compensate for mental damages related to anxiety and inconvenience caused by the leak. The total compensation could reach approximately 1.2 billion won based on current applications, with the potential for further increases if more dispute mediation claims are filed.

SK Telecom was found to have violated its obligations under the Personal Information Protection Act by leaking 25 types of subscriber data, including mobile phone numbers, USIM identification numbers, and USIM authentication keys. The committee recognized the psychological impact of the breach and the disruption caused during the USIM replacement process. It also recommended that SKT implement comprehensive personal information protection measures, including an internal management plan and enhanced safety protocols to prevent future incidents.

The committee noted that SKT had taken prompt actions to block the leak route and prevent further misuse, such as through USIM replacements, and therefore deemed the infringement ceased. However, requests for restoration to the original state were not accepted due to the practical difficulties involved. The mediation proposal will be communicated to SKT and applicants, who have 15 days to accept; if SKT accepts, the mediation will proceed. SKT expressed regret that its voluntary compensation efforts were not reflected in the mediation proposal.