In April, South Korea’s telco big SK Telecom (SKT) was hit by a cyberattack that led to the theft of private information on roughly 23 million prospects, equal to virtually half of the nation’s 52 million residents.
At a Nationwide Meeting listening to in Seoul on Thursday, SKT chief government Younger-sang Ryu stated about 250,000 customers have switched to a unique telecom supplier following the data breach. He stated that expects this quantity to achieve 2.5 million, greater than tenfold the present quantity, if the corporate waives cancellation charges.
The corporate might lose as much as $5 billion (round ₩7 trillion) over the subsequent three years if it decides to not cost cancellation charges for customers who need to cancel their contract early, Ryu stated on the listening to.
“SK Telecom considers this incident probably the most extreme security breach within the firm’s historical past and is placing forth our utmost effort to reduce any injury to our prospects,” a spokesperson at SKT instructed information.killnetswitch in an emailed assertion. “The variety of prospects affected and the entity liable for the hacking is below investigation,” the spokesperson added.
A joint investigation involving each private and non-private entities is at the moment underway to determine the precise reason behind the incident.
The Private Data Safety Committee (PIPC) of South Korea introduced on Thursday that 25 several types of private info, together with cell phone numbers and distinctive identifiers (IMSI numbers), in addition to USIM authentication keys and different USIM information, had been exfiltrated from its central database, often known as its residence subscriber server. The compromised information can put prospects at higher threat of SIM swapping assaults and authorities surveillance.
After its official announcement of the incident on April 22, SKT has been providing SIM card safety and free SIM card replacements to forestall additional injury to its prospects.
“We detected attainable info leakage concerning SIM on April 19,” the spokesperson at SKT instructed information.killnetswitch. “Following the identification of the breach, we instantly remoted the affected system whereas completely investigating the whole system.”
“To additional safeguard our prospects, we’re at the moment creating a system that may shield customers’ info via the SIM safety service whereas permitting them to make use of roaming companies seamlessly exterior of Korea by Could 14,” the spokesperson stated.
To this point, SKT has not acquired any reviews of secondary injury and no verified cases of buyer info being distributed or misused on the darkish net or different platforms, the corporate instructed information.killnetswitch.
A timeline of SKT’s data breach
April 18, 2025
SKT detected irregular actions on April 18 at 11:20 pm native time. SKT discovered uncommon logs and indicators of information having been deleted on gear that the corporate makes use of for monitoring and managing billing info for its prospects, together with information utilization and name durations.
April 19, 2025
The corporate recognized a data breach on April 19 in its residence subscriber server in Seoul, which generally homes subscriber info, together with authentication, authorization, location, and mobility particulars.
April 20, 2025
SKT reported the cyberattack incident to Korea’s cybersecurity company on April 20.
April 22, 2025
SKT confirmed on its web site that it detected suspicious exercise, indicating a “potential” data breach involving some info associated to customers’ USIMs information.
April 28, 2025
SKT started changing cell SIM playing cards of 23 million customers, however the firm has confronted shortages in acquiring ample USIM playing cards to satisfy its promise to offer free SIM card replacements.
April 30, 2025
South Korean police started investigating SKT’s suspected cyberattack on April 18.
Could 1, 2025
In keeping with native media reviews, many South Korean firms, together with SKT, use Ivanti VPN gear, and that the current data breach could also be related to China-backed hackers.
Per an area media report, SKT stated it acquired a cybersecurity discover from KISA instructing the corporate to show off and substitute the Ivanti VPN.
TeamT5, a cybersecurity firm based mostly in Taiwan, alerted the general public to the worldwide threats posed by a government-backed group linked to China, which allegedly took benefit of vulnerabilities in Ivanti’s Join Safe VPN programs to achieve entry to a number of organizations globally.
Some 20 industries have been affected, together with automotive, chemical, monetary establishments, legislation companies, media, analysis institutes, and telecommunications, throughout 12 nations, together with Australia, South Korea, Taiwan, and the US.
Could 6, 2025
A workforce of private and non-private investigators found a further eight varieties of malware in SKT’s hacking case. The workforce is at the moment investigating whether or not the brand new malware was put in on the identical residence subscriber server as the unique 4 strains or if they’re situated on separate server gear.
Could 7, 2025
Tae-won Chey, the chairman of SK Group, which operates SKT, publicly apologized for the primary time for the data breach, some three weeks after the breach occurred.
As of Could 7, all eligible customers have been signed up for the SIM safety service, besides these dwelling overseas utilizing roaming companies and briefly suspended, the spokesperson instructed information.killnetswitch, including that its fraud detection system has already been arrange for all prospects to forestall unauthorized login makes an attempt utilizing cloned SIM playing cards.
Could 8, 2028
SKT is at the moment assessing methods to deal with the cancellation charges for customers affected by the data breach incident. About 250,000 customers have switched to a different telecom supplier following the breach, in accordance with the corporate’s chief government at a Nationwide Meeting listening to.
South Korean authorities, in the meantime, introduced that 25 varieties of private info have been leaked from the corporate’s databases in the course of the cyberattack.
