SK Telecom Data Breach Sparks Privacy Concerns In South Korea

A joint government-private probe in South Korea revealed that attackers compromised servers at telecom giant SK Telecom in a major cyberattack, potentially exposing sensitive personal and USIM data of its entire subscriber base.

The investigation suggests that the breach began as far back as 15 June 2022, when attackers installed malware on SK Telecom’s servers.

The findings, announced on Monday, have triggered widespread concern over the risk of identity theft and financial fraud linked to the leaked data.

Investigators found that attackers infiltrated 23 servers, each storing four types of USIM data, including the International Mobile Subscriber Identity (IMSI), a unique identifier for mobile users.

They estimate the leak involved 9.32 gigabytes of USIM data, potentially exposing around 26.9 million IMSI numbers.

Given that SK Telecom currently serves 25 million users, including 2 million budget phone users, the possible exposure of nearly all subscribers is a significant concern.

Personal Information Also At Risk

Hackers temporarily used two of the affected servers to store personal user data, including names, birthdates, phone numbers, and email addresses.

Investigators have yet to determine the full scope of personal information contained on those servers.

The firewall logs show no evidence of leaks between 3 December 2024 and 24 April 2025, but missing data from 15 June 2022 to 2 December 2024 prevents confirming whether attackers exfiltrated any information during that period.

SK Telecom only detected the breach on 18 April 2025, nearly three years after the initial intrusion.

In response, the company has offered to replace the USIMs of all 25 million subscribers free of charge, including budget users, as a precaution against identity theft or fraudulent financial activity.

Additionally, the company has automatically enrolled all users in its USIM protection service, which it claims provides security measures equivalent to a physical SIM replacement in preventing unauthorised financial transactions.

As the investigation continues, experts warn that hackers could misuse the exposed IMSI data for SIM swapping, unauthorised access, or financial fraud, since IMSIs play a crucial role in mobile network authentication.

This incident not only raises questions about data security standards in the telecom sector but also highlights the long-term risks posed by undetected cyber intrusions.

Further findings from the investigation are expected in the coming weeks.

Also Read: Large Language Models To Destroy A Lot Of Software Jobs: Sridhar Vembu