Key Points:
- LG Uplus is facing criticism for embedding customer phone numbers directly into SIM cards instead of randomizing them.
- Lawmakers are pushing for a temporary ban on new customer sign-ups until SIM replacements are complete.
- LG Uplus plans to offer free SIM replacements or software updates to 17 million users starting April 13.
- The Ministry of Science and ICT is hesitant to impose sanctions without confirmed data leaks.
LG Uplus is currently scrambling to deal with strong criticism regarding its SIM card security practices. This issue could even lead to a temporary halt in new customer sign-ups as lawmakers put more pressure on the company.
The problem started when it was discovered that LG Uplus had partially put customers’ actual phone numbers into its international mobile subscriber identity (IMSI) stored on SIM cards. Most other carriers worldwide randomize these values for better security.
After people raised concerns about potential personal data leaks, LG Uplus announced it will provide free SIM replacements or software security updates to all its users starting April 13. This will cover a massive 17 million lines, including regular subscribers, secondary devices, and users of budget phones.
The company stated that they realized the need to randomize their IMSI system after SK Telecom’s big hacking incident in 2025 and have been getting ready to fix it since the second half of last year.
However, questions have come up about why the company is waiting until April 13 to fully start the replacements, if their preparations are good enough, and if the process will go smoothly. This change could also be a hassle for new customers who might have to change their SIM cards again soon after joining.
During a parliamentary committee meeting on Tuesday, lawmakers demanded stronger actions, including a temporary stop to new subscriptions until the SIM replacement process is stable.
“Since subscriber identity information sent from a cell phone to the base station is not encrypted, randomization is essential, yet LG Uplus has been using customers’ phone numbers as they are,” one lawmaker said. “Even though there were two chances to update the system — in 2004 and again during the LTE rollout — the company ignored them.”
Another lawmaker also called for an independent check of the new IMSI values and stricter security certifications. They argued, “The data of 11 million people is at risk of being exposed, so saying there’s no legal problem means the responsible ministry is neglecting its duty.”
However, the Ministry of Science and ICT is being more cautious. They stressed that there’s no clear legal reason to punish LG Uplus because no actual data leak has been confirmed.
“Directly putting phone numbers (into the SIM) might make it less secure compared to randomizing it. But it’s not against the law,” said Science and ICT Minister and Deputy Prime Minister Bae Kyung-hoon during the meeting. “We also recognized the problem, and LG Uplus has decided to take extra steps, including replacing SIM cards.” He added that for punitive action, there would need to be an actual security breach.
LG Uplus has not yet provided clear details on how many SIM cards they have, the exact timeline for replacements, or how they plan to manage this across all their stores.
Meanwhile, LG Uplus CEO Hong Bum-shik refused to comment when reporters asked if he was considering stopping new subscriptions due to the IMSI issue, after the company’s annual shareholders’ meeting on Tuesday.
