SKT accuser: “KT and LGU+ will also be sued if hacking is revealed”
“We must impose strengthened obligations on telecommunication companies and hold them accountable if they violate them, at a level that threatens their existence.” “If not only SK Telecom but also KT or LG U+ are found to have been hacked and customer information has been leaked, we will actively consider filing a complaint for breach of trust.” Gye-Jun Son, head of the corporate legal group at Daeryun Law Firm, met with a reporter for <Security News> in Yeouido on the 26th and said this. On the 1st, Daeryun filed charges against SKT CEO Yoo Yeong-sang and the head of security for breach of trust and breach of trust. He was charged with obstruction of official duties. On the 21st, I responded to the accuser's investigation at Namdaemun Police Station. Group Leader Son is the lawyer in charge of this case. As a result of this accident, public anxiety about the information protection capabilities of not only SKT but also domestic telecommunications companies and platform companies has increased. Immediately after this paper's first report on the 21st ([Exclusive] Did BPF Door, the malicious code that attacked SKT, infiltrate KT servers as well?), the government launched a direct investigation into KT and LG U+. In addition to the two telecommunication companies, platform companies such as Naver, Woowa Brothers, Kakao, and Coupang are also subject to investigation. Group Leader Son said, “If customer information is leaked through hacking of other telecommunications carriers or platform companies other than SKT, we will hold them accountable through complaints and complaints,” and added, “They are all in the same context in terms of corporate social responsibility.” Regarding SKT’s insufficient investment in information protection, he said, “It is not illegal in itself, but it can be seen as a breach of trust.” As the No. 1 business operator, he said. The point is that SKT, which is well aware of the importance of information protection and investment costs, neglected the storage and use of subscribers' information as a person handling entrusted affairs such as storage and utilization of SIM card information. The explanation is that this can be seen as maximizing their own profits. In fact, according to the Korea Internet & Security Agency (KISA) information security disclosure, the annual information security investment amount announced by SKT in 2024, combined with its wired communication subsidiary SK Broadband, is approximately 86.7 billion won. This is 5.9% of the investment in information technology, which is lower than KT (6.4%) and LG U+ (6.6%). Government certification systems such as ISMS are insufficient for telecommunication companies... “Need to strengthen obligations” According to IANS Research, the proportion of investment in information security by American companies last year was 13.2%. All three domestic telecommunications companies are less than half of those in the U.S. Group Chairman Son mentioned the need to improve domestic information protection-related laws and systems. He said, “This accident revealed that the government certification system does not properly evaluate corporate security capabilities and does not provide good follow-up management.” In particular, the ‘ISMS/ISMS-P Simple Certification System’, which was introduced in July 2024 to ease the burden of certification acquisition for small and medium-sized businesses, is not sufficient to check the information protection posture of major telecommunication operators. He said, “There is a need for a paradigm shift from focusing on ex-post punishment to focusing on proactive prevention.” “We must impose obligations, and if they are violated, we must impose effective sanctions that threaten our existence,” he emphasized. Meanwhile, after graduating from Seoul National University, Group Leader Son passed the civil service examination and worked at the Fair Trade Commission for 10 years. After passing the bar exam, he worked at Gwangjang Law Firm and is currently working as the head of the Daeryun Corporate Legal Group. While serving at the Fair Trade Commission in 2009, he participated in sanctions related to allegations of unfair trade in code division multiple access (CDMA) chip rebates, which imposed a large fine on Qualcomm of the United States. Reporter Kang Hyun-joo (jjoo@boannews.com)
SKT accusation lawyer: “KT and LGU+ will also be sued if hacking is revealed” (link)