SK Telecom, which experienced a USIM hacking incident last year, has carried out most corrective orders it received from the Personal Information Protection Commission.

The commission said on May 14 that 111 cases, or 95.0 percent, of 222 corrective orders, corrective recommendations, improvement recommendations and publication orders whose deadlines fell in the second half of last year were implemented.

The most notable case was SKT. SKT, which saw personal information on about 23 million customers leaked in the USIM hacking attack, completed a full inspection of its personal data processing systems and improved its firewall policies. It also strengthened safeguards, including encrypting USIM authentication keys and critical information.

It also overhauled its organisational framework. It enabled the chief privacy officer, or CPO, to manage and supervise personal data assets without limitations on scope. Measures such as installing endpoint detection and response, or EDR, and expanding the scope of certification have not been completed, and will be checked further in the next implementation review.

Incruit, a job portal that suffered the leakage of personal information on about 7.2 million members due to hacking, set up an additional authentication system and improved policies to detect abnormal traffic.

In addition, overseas operators such as Kuka Entertainment and Elevate Hong Kong Holdings revised internal guidelines to ensure they do not process resident registration numbers without a legal basis. Five super apps took steps to allow account withdrawal and deletion by service and to provide easy-to-understand guidance on procedures for requesting suspension or deletion of personal data processing.

The commission plans to continue monitoring through additional implementation reviews by the end of this year whether corrective measures that were not implemented due to budget and time constraints have been completed.