SK Telecom Data Breach Impacts Millions in South Korea

SK Telecom Data Breach Impacts Millions in South Korea

South Korean telecommunications giant SK Telecom (SKT) confirmed a significant data breach affecting approximately 23 million customers, nearly half of the country's population. The breach, discovered on April 19, 2025, involved the theft of personal information from SKT's central database, including mobile phone numbers, unique identifiers (IMSI numbers), USIM authentication keys, and other USIM data.

This leaked data increases the risk of SIM swapping attacks and government surveillance for affected customers. SKT CEO Young-sang Ryu stated that 250,000 users have already switched providers, and that number could reach 2.5 million if cancellation fees are waived. The potential financial impact on SKT could reach $5 billion over the next three years.

Timeline of the SKT Data Breach

• April 18, 2025: SKT detected unusual activity and deleted files on its billing information monitoring equipment.
• April 19, 2025: Data breach identified in SKT's home subscriber server in Seoul.
• April 20, 2025: SKT reported the cyberattack to Korea’s cybersecurity agency.
• April 22, 2025: SKT publicly confirmed the potential data breach.
• April 28, 2025: SKT began replacing SIM cards for affected users.
• April 30, 2025: South Korean police launched an investigation into the cyberattack.
• May 6, 2025: Investigators discovered eight additional types of malware.
• May 7, 2025: SK Group Chairman Tae-won Chey issued a public apology for the breach.
• May 8, 2025: SKT assessed potential cancellation fee waivers for affected users. South Korean authorities confirmed 25 types of personal information were leaked.

Investigation and Potential Causes

A joint investigation involving public and private entities is underway. Reports suggest a potential link to China-backed hackers exploiting vulnerabilities in Ivanti VPN equipment, used by SKT and other South Korean companies. SKT reportedly received a cybersecurity notice from Korea's cybersecurity agency (KISA) to disable and replace the Ivanti VPN. TeamT5, a Taiwanese cybersecurity firm, warned of global threats posed by a Chinese government-backed group exploiting Ivanti's Connect Secure VPN systems.

SKT's Response

SKT is offering SIM card protection and free SIM card replacements. The company stated it has implemented a fraud detection system to prevent unauthorized logins using cloned SIM cards. As of May 7, 2025, most eligible users have been enrolled in the SIM protection service.

SKT considers this the most severe security breach in its history and is working to minimize customer damage. The company has not received reports of secondary damage or misuse of customer information on the dark web.