Seoul, South Korea – SK Telecom, South Korea’s largest mobile carrier, has confirmed a cyberattack resulting in the potential leakage of subscriber identity module (USIM) data. The company detected suspicious activity on its internal systems late on Friday, April 19, 2025, indicating that hackers had infiltrated their network and deployed malicious code.
Upon discovering the breach, SK Telecom immediately initiated its incident response protocols. The company reported the attack to the Korea Internet & Security Agency (KISA) and the Personal Information Protection Commission. Furthermore, SK Telecom claims to have successfully removed the malicious software and isolated the potentially compromised infrastructure.
While the full scope of the data breach is still under investigation, the fact that USIM data was targeted is raising significant concerns. USIM data, if compromised, could potentially be exploited for sophisticated attacks such as SIM swapping. In such attacks, a threat actor could transfer a victim’s phone number to their own device, thereby bypassing SMS-based two-factor authentication and gaining unauthorized access to various online accounts.
SK Telecom has stated that, as of today, there have been no confirmed instances of the leaked data being misused. However, as a precautionary measure, the company is bolstering its defenses against illegal SIM swaps and abnormal authentication attempts. Additionally, SK Telecom announced that it will offer a free USIM protection service to customers who wish to enhance their security.
The Ministry of Science and ICT has taken swift action, forming an emergency response team and dispatching investigators to SK Telecom’s headquarters in Seoul. Authorities have asked the company to preserve and submit all relevant data pertaining to the breach. KISA experts are also on-site to provide technical support in identifying the root cause of the attack and preventing further damage.
This incident marks another significant cybersecurity challenge for South Korea’s telecommunications sector, which has been a frequent target of cyberattacks. Industry reports indicate that the telecommunications industry accounted for the largest share of tracked cyberattacks in 2023.
If the ongoing investigation determines that SK Telecom failed to implement adequate security measures as mandated by the Personal Information Protection Act, the company could face substantial fines, potentially up to 3 percent of its related revenue.
“We are currently continuously investigating the exact cause, scale, and items of the leak, and in accordance with relevant laws, we immediately reported the breach to the Korea Internet & Security Agency (KISA) on Sunday, April 20. In addition, we reported the personal information leak to the Personal Information Protection Commission at 10:00 a.m. on Tuesday, April 22 and are actively cooperating with the related investigation,” SK Telecom added.
SK Telecom has issued a statement expressing its commitment to strengthening its company-wide security systems and implementing robust customer information protection measures to prevent similar incidents from occurring in the future. The company aims to restore customer trust in the wake of this security breach.
This is a developing story, and further updates are expected as the investigation progresses. Customers of SK Telecom are advised to remain vigilant and consider signing up for the free USIM protection service offered by the company.
General Information about Cyberattacks and Data Breaches:
Cyberattacks are malicious attempts to gain unauthorized access to computer systems, networks, or digital devices with the intent to disrupt operations, steal sensitive information, or cause other harm. Data breaches are a specific type of security incident where confidential or protected information is accessed or disclosed without authorization.
Common types of cyberattacks include:
- Malware Attacks: Involve the use of malicious software such as viruses, worms, ransomware, and spyware to damage or gain control of systems.
- Phishing: Deceptive attempts to acquire sensitive information like usernames, passwords, and credit card details by masquerading as a trustworthy entity in electronic communication.
- Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks: Overwhelming a target server with traffic to make it unavailable to legitimate users.
- SQL Injection: Exploiting vulnerabilities in database-driven applications to execute malicious SQL statements.
- Cross-Site Scripting (XSS): Injecting malicious scripts into websites viewed by other users.
- Advanced Persistent Threats (APTs): Sophisticated, long-term attacks often targeting specific organizations for espionage or data theft.
Consequences of data breaches can be severe and include:
- Financial Losses: Direct costs related to recovery, legal fees, regulatory fines, and reputational damage.
- Identity Theft: Compromised personal information can be used for fraudulent activities.
- Reputational Damage: Loss of customer trust and negative impact on brand image.
- Legal and Regulatory Penalties: Organizations may face fines and legal action for failing to protect personal data.
- Business Disruption: Attacks can disrupt normal operations and lead to significant downtime.
Preventive measures organizations and individuals can take include:
- Implementing strong passwords and using multi-factor authentication.
- Keeping software and operating systems up to date with the latest security patches.
- Using reputable antivirus and anti-malware software.
- Being cautious of suspicious emails, links, and attachments.
- Educating employees and individuals about cybersecurity threats and best practices.
- Implementing robust data encryption and access control mechanisms.
- Regularly backing up important data.
- Having a well-defined incident response plan in place.
The increasing frequency and sophistication of cyberattacks underscore the importance of robust cybersecurity measures for organizations of all sizes and vigilance among individual users.