SK Telecom(SKT) detected a malware attack on its systems a day before submitting its incident report, in violation of a regulation that requires service providers to report data breaches within 24 hours.

According to data submitted Thursday by SKT to People Power Party Rep. Choi Soo-jin of the National Assembly’s Science, ITC, Broadcasting and Communications Committee, the company first became aware that data was being moved out of its in-house system at 6:09 p.m. on April 18.

By 11:20 p.m. the same day, the firm verified the presence of the malicious code and that the telecommunications company had been hacked.

The next day at 1:40 a.m., the company began analyzing what kind of data was compromised and it established at 11:40 p.m. that some USIM information had been leaked.

SKT’s incident report to the Korea Internet and Security Agency(KISA), which was later sent to Rep. Choi’s office, showed a 45-hour gap between the time the hacking was detected and the time it was disclosed.

In response, SKT explained that the incident report was delayed in an effort to thoroughly grasp the cause and scope of the data breach, adding that the delay was not deliberate.

The Ministry of Science and ICT and KISA are still investigating the cyberattack on SKT.