Sign in Subscribe
By Ian Werther in News

South Korea's LG Uplus to replace SIM cards, encrypt IMSI after data leak

LG Uplus, one of South Korea’s largest mobile operators, said that some call data from its AI-powered voice app Exio was leaked and that it reported the incident to the Personal Information Protection Commission on the 6th of the month.

The company announced that, starting on the 13th of next month, it will replace USIM cards for all customers in response to concerns that the IMSI—used to identify mobile users—could be vulnerable to security problems.

Data base laboratory - IMSI PŁ Poland
Representative image for context; not directly related to the specific event in this article. License: CC BY-SA 3.0. Source: Wikimedia Commons.

On the 17th, LG Uplus said it would introduce encryption for the IMSI to proactively address potential future security incidents. IMSI stands for International Mobile Subscriber Identity and is a 15-digit number used when a mobile device first connects to the network. It is stored on the SIM and on the network and helps identify the subscriber for authentication. In LG Uplus’s case, part of the personal identifier portion of the IMSI includes digits derived from the user’s phone number.

Industry observers have warned that if IMSI is exposed, it could be exploited in hacking attempts. SK Telecom and KT are reported to assign near-random values to the personal identifier portion of IMSIs. LG Uplus, however, says that even if an IMSI were exposed, immediate hacking is unlikely, and the current IMSI framework complies with international standards and uses encrypted keys during authentication to reduce risk.

The move follows last year’s major hacking incident in the Korean telecom sector and a subsequent internal review of security measures. LG Uplus said the updated IMSI system will automatically apply when existing users replace their SIMs or reset their service settings.

Dydactic laboratory (IMSI PŁ Poland)
Representative image for context; not directly related to the specific event in this article. License: CC BY-SA 3.0. Source: Wikimedia Commons.

From the 13th, eligible customers can opt for a free SIM replacement and reconfiguration, including smartwatch users, customers with kid-friendly phones, and those on LG Uplus’ low-cost mobile network partners. New subscribers and customers transferring numbers will receive a SIM card that uses the updated IMSI system.

Why this matters beyond Korea: IMSI-based identification underpins mobile networks worldwide, and efforts to encrypt or randomize IMSIs influence roaming security, fraud prevention, and user privacy for international travelers and multinational businesses. For U.S. readers, this highlights ongoing global efforts to strengthen mobile authentication and reduce risks from SIM-related exploits, which can affect cross-border data flows, device ecosystems, and the security of supply chains for telecom hardware and services. As wearables and eSIM-based services become more common in the United States, similar security enhancements could shape how carriers and device makers implement authentication and protect user information.

Subscribe to Journal of Korea

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe