A joint government-private probe in South Korea revealed that attackers compromised servers at telecom giant SK Telecom in a major cyberattack, potentially exposing sensitive personal and USIM data of its entire subscriber base.
The investigation suggests that the breach began as far back as 15 June 2022, when attackers installed malware on SK Telecom’s servers.
The findings, announced on Monday, have triggered widespread concern over the risk of identity theft and financial fraud linked to the leaked data.
Investigators found that attackers infiltrated 23 servers, each storing four types of USIM data, including the International Mobile Subscriber Identity (IMSI), a unique identifier for mobile users.
They estimate the leak involved 9.32 gigabytes of USIM data, potentially exposing around 26.9 million IMSI numbers.
Given that SK Telecom currently serves 25 million users, including 2 million budget phone users, the possible exposure of nearly all subscribers is a significant concern.
Hackers temporarily used two of the affected servers to store personal user data, including names, birthdates, phone numbers, and email addresses.
Investigators have yet to determine the full scope of personal information contained on those servers.
The firewall logs show no evidence of leaks between 3 December 2024 and 24 April 2025, but missing data from 15 June 2022 to 2 December 2024 prevents confirming whether attackers exfiltrated any information during that period.
SK Telecom only detected the breach on 18 April 2025, nearly three years after the initial intrusion.
In response, the company has offered to replace the USIMs of all 25 million subscribers free of charge, including budget users, as a precaution against identity theft or fraudulent financial activity.
Additionally, the company has automatically enrolled all users in its USIM protection service, which it claims provides security measures equivalent to a physical SIM replacement in preventing unauthorised financial transactions.
As the investigation continues, experts warn that hackers could misuse the exposed IMSI data for SIM swapping, unauthorised access, or financial fraud, since IMSIs play a crucial role in mobile network authentication.
This incident not only raises questions about data security standards in the telecom sector but also highlights the long-term risks posed by undetected cyber intrusions.
Further findings from the investigation are expected in the coming weeks.
Also Read: Large Language Models To Destroy A Lot Of Software Jobs: Sridhar Vembu
Redmi to launch K90 Pro Max 5G in China on October 23 with Bose audio…
At Delhi’s Nizamuddin Dargah, the Muslim Rashtriya Manch’s ‘Jashn-e-Chiragh’ marked Dhanteras with prayers for peace…
PIB issues a warning over fraudulent SMS asking users to update delivery addresses within 12…
Dr Manan Vora highlights eight common daily habits, from late-night meals to prolonged sitting, that…
Gastroenterologist Dr Shubham Vatsya warns that overindulging in sweets can accelerate ageing and health risks,…
Zoravar Singh Sandhu wins trap bronze at ISSF 2025, earning Doha World Cup Final spot;…