In April, South Korean’s Sk Telecom giant is affected by a Cyberettack that led to the theft of personal data to about 23 million customers, equivalent to almost half of 52 million inhabitants.
At a hearing of the National Assembly in Seoul on Thursday, SKT CEO Young-Sang Ryu said about 250,000 users have become a different telecommunications provider after the data breach. He said he expects that this number will reach 2.5 million, more than ten times the current amount if the company resigns from cancellation fees.
The company could lose up to $ 5 billion (about 7 trillion) over the next three years if it decides not to charge cancellation fees for users who want to cancel their contract early, Ryu said during the hearing.
“SK Telecom considers this incident the most serious violation of security in the company’s history and is making our maximum effort to minimize any damage to our customers,” a SKT spokesman told Techcrunch in an online statement. “The number of affected customers and the entity responsible for piracy are under investigation,” the spokesman added.
A joint survey involving both public and private entities is ongoing to identify the particular cause of the event.
The Personal Information Protection Committee (PIPC) of South Korea announced on Thursday That 25 different types of personal information, including mobile phone numbers and unique IMSI identifiers, as well as USIM authentication keys and other USIM data, were exhausted by its central database, known as home subscribers server. Compromised data can put customers at greater risk of exchanging SIM attacks and overseeing the government.
After The official announcement of the incident on April 22SKT has provided SIM card protection and free SIM card replacements to prevent further damage to its customers.
“We have detected a possible leakage of information about SIM on April 19,” SKT spokesman in TechCrunch told. “After identifying the violation, we immediately isolated the affected device while exploring the entire system in detail.”
“To further protect our customers, we are currently developing a system that can protect users’ information through the SIM protection service, allowing them to use roaming services out of Korea on May 14,” the spokesman said.
To date, SKT has not received any reporting of secondary damage and has not been verified cases of customer information distributed or abusing the dark tissue or other platforms, the company told TechCrunch.
A timetable of SKT’s data breach
April 18 2025
SKT detected abnormal activities April 18 at 11:20 pm local time. SKT found unusual logs and file signs deleted in the equipment used by the company to monitor and manage billing information for its customers, including the use of data and time calls.
April 19 2025
The company recognized a data breach on April 19 at the subscriber server at its home in Seoul, which usually hosts subscriber information, including identity, authorization, location and mobility details.
April 20 2025
SKT reported the incident to cyberspace Korean cyber security organization.
April 22 2025
Skt confirmed on his website That it detected suspicious activity, indicating a “possible” data breach that includes certain information related to USIMs data.
April 28 2025
SKT began to replace SIM mobile cards of 23 million users, but the company has In contrast deficiencies in obtaining adequate USIM cards fulfill his promise to provide free SIM card replacements.
April 30 2025
South Korea police began to investigate SKT’s suspicious Cyberettack on April 18th.
1 May 2025
According to local media reportsMany South Korean companies, including SKT, use Ivanti VPN equipment and that recent data breach can be connected to China -backed hackers.
Per a local media reportSKT said it received cyberspace notification of security from Gauge Teaching the company to disable and replace Ivanti VPN.
Teamt5, a Taiwan -based cyber -based company, warned the public of the global threats they raised From a team backed by the government associated with China, which allegedly exploited vulnerabilities in Ivanti’s safe VPN systems to gain access to many organizations worldwide.
About 20 industries have been affected, such as the automotive industry, chemicals, financial institutions, law firms, media, research institutes and telecommunications in 12 countries such as Australia, South Korea, Taiwan and the United States.
May 6 2025
A group of public and private investigators discovered additional eight types of malicious software In the Hacking case of SKT. The team is currently investigating whether the new malicious software was installed on the same subscriber server at home with the original four executives or if they are on separate server equipment.
May 7 2025
Tae-Won Chey, the president of the SK group, who operates SKT, publicly apologized for the first time For data breach, about three weeks after breach.
Since May 7, all eligible users have been registered for the SIM Protection Service, except for those living abroad using roaming services and are temporarily suspended, the spokesman told TechCrunch, adding that the fraud detection system has already been created for all customers to prevent unauthorized SIMA.
May 8, 2028
SKT is currently evaluating how to deal with cancellation fees for users affected by the data breach incident. About 250,000 users have turned into another telecommunications provider after the breach, according to the company’s chief executive in a hearing of the National Assembly.
The South Korean authorities, meanwhile, announced that 25 types of personal information leak from the company’s databases during cyberettack.
