SK Telecom to appeal record data breach penalty in South Korea

SK Telecom plans to challenge a record 134.8 billion won (about $91 million) fine imposed by South Korea’s Personal Information Protection Commission (PIPC) over a 2022 data breach that exposed information on 26.9 million customers. The regulator said SKT failed to protect user data and based the size of the penalty on the operator’s overall mobile revenue. SKT argues the fine is excessive, out of line with past PIPC cases such as a 6.8 billion won ruling against rival LG Uplus, and does not factor in the company’s response to the incident.

The operator also maintains that customers have not suffered direct or indirect damage from the breach, a position disputed by the Korea Consumer Agency (KCA). The KCA says the hack harmed consumers and ordered SKT in December to compensate affected users with 100,000 won each via bill discounts and credits. If all eligible customers claim the offer, SKT’s payout could reach 2.3 trillion won ($1.5 billion), more than its 2024 net profit. SKT is reviewing that order and has pledged 1.2 trillion won ($783 million) for cybersecurity upgrades and compensation related to the breach.