LG Uplus faces possible sign-up suspension amid SIM security backlash

LG Uplus is scrambling to contain backlash over its subscriber identity module (SIM) security practices, which could escalate into a temporary suspension of new customer sign-ups as the company faces mounting pressure from lawmakers.

The controversy arose after the company was found to have partially embedded customers’ phone numbers in its international mobile subscriber identity (IMSI) stored on SIM cards, rather than randomizing the values as most carriers globally do.

After concerns were raised about potential personal data leaks, LG Uplus announced it will provide free SIM replacements or software-based security updates to all users starting April 13, covering up to 17 million lines, including subscribers, secondary devices and budget phone users.

The company said it identified the need to randomize its IMSI scheme following SK Telecom’s massive hacking incident in 2025 and has been preparing countermeasures since the second half of last year.

Questions have arisen over why the company is waiting until April 13 to fully initiate the replacements, whether its preparations are sufficient and whether the transition will go smoothly. The move would also be inconvenient for new subscribers, who may have to change SIM cards again after a short period.

During a parliamentary committee meeting at the National Assembly on Tuesday, lawmakers called for stronger administrative measures, including a temporary suspension of new subscriptions until the SIM replacement process stabilizes.

“As subscriber identity information sent from a cell phone to the base station is not encrypted, randomization is essential, yet LG Uplus has been using customers’ phone numbers as they are,” one lawmaker said. “Even though there were two opportunities to update the system — when the IMSI standard was set in 2004 and again during the LTE rollout — the company ignored them.”

Science and ICT Minister and Deputy Prime Minister Bae Kyung-hoon, left, attends a parliamentary committee meeting at the National Assembly in Seoul, Tuesday. Yonhap

Another lawmaker also called for third-party verification of the new IMSI values and stronger information security management system certification requirements, saying, “The data of 11 million people is at risk of being exposed, so insisting there is no legal problem amounts to neglect of duty on the part of the responsible ministry.”

However, the Ministry of Science and ICT has taken a more cautious stance, emphasizing that there is no clear legal basis for imposing sanctions, as no data leak has been confirmed.

“Directly embedding phone numbers may lower the level of security compared with a randomized approach. But it is not a legal violation … We have also recognized the problem, and LG Uplus has decided to take additional measures, including USIM replacement,” Science and ICT Minister and Deputy Prime Minister Bae Kyung-hoon said during the meeting.

“In order to take punitive action, there would need to be an actual security breach or a situation that warrants legal sanctions. From a security standpoint, it is more appropriate to issue recommendations and ensure they are carried out.”

LG Uplus has yet to spell out concrete details on its SIM inventory, the replacement timeline or how it plans to manage the process across its retail network.

Meanwhile, LG Uplus CEO Hong Bum-shik declined to comment when reporters asked whether he was considering a suspension of new subscriptions in light of the IMSI controversy, following the company’s annual shareholders’ meeting at its headquarters in Seoul’s Yongsan District on Tuesday.