In April, SK Telecom (SKT), a major telecommunications company in South Korea, experienced a cyberattack resulting in the theft of personal data from approximately 23 million customers, which is nearly half of the nation’s 52 million residents.
During a National Assembly hearing in Seoul, the SKT Chief Executive, Young-sang Ryu, reported that about 250,000 users had switched to different telecom providers after the breach. Ryu mentioned that this number could rise to 2.5 million if cancellation fees were waived.
The potential financial impact on the company could reach up to $5 billion over the next three years if they opt not to charge early cancellation fees, Ryu revealed at the hearing.
An SKT spokesperson described the incident as the most severe security breach in the company’s history and emphasized efforts to minimize customer damage. The spokesperson stated that the investigation regarding the number of affected customers and the hackers responsible is ongoing.
A joint public and private investigation is underway to identify the breach’s cause. The Personal Information Protection Committee of South Korea announced that 25 types of personal information, including mobile phone numbers and USIM authentication keys, were exfiltrated from SKT’s central database, increasing the risk of SIM swapping attacks and government surveillance.
SKT has been offering SIM card protection and free SIM card replacements to mitigate further customer damage. The company detected potential information leakage on April 19 and immediately isolated the compromised device while conducting a thorough investigation.
Plans are in place to develop a system to enhance customer protection while enabling seamless roaming services by May 14. Currently, SKT has not received any reports of secondary damage or misuse of customer information.
Timeline of SKT’s Data Breach
April 18, 2025: Abnormal activities were detected, with unusual logs and deleted files noted on equipment used for monitoring billing information.
April 19, 2025: A data breach was identified in SKT’s home subscriber server, which stores subscriber information.
April 20, 2025: SKT reported the incident to Korea’s cybersecurity agency.
April 22, 2025: SKT confirmed suspicious activity indicating a potential data breach involving USIM data on its website.
April 28, 2025: The process of replacing SIM cards for 23 million users began, though the company faced shortages in obtaining sufficient cards.
April 30, 2025: South Korean police initiated an investigation into the suspected cyberattack.
May 1, 2025: Local media linked the breach to China-backed hackers using Ivanti VPN equipment.
Teams discovered additional malware strains, broadening the scope of the investigation. As of May 7, SKT implemented a SIM protection service for eligible users and set up a fraud detection system to prevent unauthorized access.
May 8, 2025: SKT is evaluating how to handle cancellation fees following the breach. Meanwhile, authorities confirmed that 25 types of personal information were leaked.