South Korea Fines SK Telecom Over Massive Data Breach Affecting Millions

South Korean authorities on Friday penalised SK Telecom, the country’s largest mobile operator, for its failure to prevent a massive data leak involving nearly 27 million pieces of user data, blaming the company for negligence and failure to meet regulatory standards.

Government Findings and Penalties

The Ministry of Science and ICT found that SK Telecom did not adequately protect USIM (universal subscriber identity module) data and violated cybersecurity regulations. The ministry’s investigation followed SK Telecom’s disclosure in April that it had been the target of a malware attack, leading to the breach.

As a result, SK Telecom faces:

  • A fine of up to 30 million won (~$22,000)

  • A requirement to implement quarterly security audits

  • Mandates for the CEO to directly oversee data governance

  • Increased investment and staffing in cybersecurity

The ministry called the situation a “wake-up call” for the nation’s broader digital infrastructure and urged stronger protections across the telecom sector.

Company Response and Compensation Measures

Following the announcement, SK Telecom said it would invest 700 billion won (~$513 million) over the next five years to bolster data protection. The company also offered:

  • A 50% discount on August subscription fees for its 24 million customers

  • Free USIM replacements to all affected users at 2,600+ retail stores

  • A public apology from CEO Ryu Young-sang, who said the company takes full responsibility for the incident

To reflect the financial impact, SK Telecom has cut its 2025 revenue forecast by 800 billion won, citing approximately 500 billion won in costs linked to the customer compensation package.

Broader Fallout and Public Concern

The breach has caused widespread alarm among SK Telecom’s 23 million active users, many of whom fear the potential theft of personal and financial information. As of late June, around 9.39 million users had replaced their USIM cards in response.

SK Group Chairman Chey Tae-won also apologised last month, vowing to take responsibility and restore public trust.

South Korea’s handling of the incident is likely to influence future regulatory scrutiny and standards in the country’s telecom and tech sectors, as data privacy becomes an increasingly critical issue in both corporate accountability and public confidence.

US SEC and SolarWinds Reach Preliminary Settlement in Cyberattack Lawsuit

The U.S. Securities and Exchange Commission (SEC) has reached a deal in principle with SolarWinds Corp and its chief information security officer, Timothy Brown, to settle litigation related to a Russia-linked cyberattack on the software company. The agreement was revealed in a court filing on Wednesday.

SolarWinds, the SEC, and Brown jointly asked a federal judge to pause court proceedings while they finalize the settlement paperwork, a request the judge approved. The case centers on the “Sunburst” cyberattack, which lasted two years and targeted SolarWinds, based in Austin, Texas.

The SEC accused the company and its security officer of defrauding investors by hiding security vulnerabilities. However, much of the SEC’s case was dismissed last year by U.S. District Judge Paul Engelmayer, who criticized the claims as relying on hindsight and speculation.

Both the SEC and SolarWinds declined to comment on the settlement details beyond public filings. SolarWinds expressed satisfaction with the potential resolution and a desire to focus on its business operations moving forward.

The parties plan to file the final settlement documents or a joint status report by September 12.

Cyberattack on Brazil Tech Provider Disrupts Reserve Accounts of Several Financial Institutions

Brazil’s central bank revealed on Wednesday that C&M Software, a technology services provider catering to financial institutions without their own connectivity infrastructure, suffered a cyberattack targeting its systems. In response, the central bank ordered C&M to suspend access to the infrastructure it manages for these institutions.

Kamal Zogheib, C&M Software’s commercial director, confirmed the company was a direct victim of the attack, which involved fraudulent use of client credentials to try to access its services. Despite the breach, C&M said its critical systems remain intact and fully operational, with all security protocols activated. The company is working closely with the central bank and Sao Paulo state police as investigations continue.

Brazilian financial institution BMP and five other banks reported unauthorized access to their reserve accounts during the Monday attack. These reserve accounts, held directly at the central bank, are used solely for interbank settlements and are separate from client accounts, which were unaffected. BMP stated it has taken appropriate operational and legal measures and holds sufficient collateral to cover any impacted amounts, ensuring no disruption to its operations or partners.

An official speaking anonymously said C&M serves about two dozen smaller financial institutions and that the financial impact of the attack does not reach billions of reais. Another source confirmed no losses were sustained by clients.

The central bank refers to these affected entities as “financial institutions lacking their own connectivity infrastructure,” including many digital payment providers that have grown rapidly in Brazil. The Pix instant payment system, operated by the central bank since late 2020, has become the country’s most popular payment method, driving competition and innovation in the sector.