In a massive security failure, South Korean telecommunications giant SK Telecom (SKT) confirmed a major cyberattack that resulted in the theft of personal data belonging to approximately 23 million customers. This breach impacts nearly half of South Korea’s 52 million residents, triggering a national investigation and a significant exodus of subscribers.
Financial Fallout and Subscriber Loss
During a National Assembly hearing in Seoul, SKT CEO Young-sang Ryu revealed that 250,000 customers have already abandoned the provider following the incident. Ryu warned that if the company waives contract cancellation fees, this figure could surge to 2.5 million users. Such a move could cost the telco up to $5 billion (approximately ₩7 trillion) over the next three years.
“SK Telecom considers this incident the most severe security breach in the company’s history,” an SKT spokesperson stated, confirming that the origin of the attack and the threat actors involved remain under active investigation.
The Scope of the Compromised Data
The Personal Information Protection Committee (PIPC) reported that 25 distinct categories of personal data were exfiltrated from the company’s central home subscriber server. Exposed information includes mobile numbers, unique identifiers (IMSI), and critical USIM authentication keys. This level of exposure significantly elevates the risk of SIM swapping attacks and potential government surveillance for affected individuals.
Chronology of the SKT Breach
The timeline of the incident reveals a rapid escalation in both discovery and impact:
- April 18, 2025: SKT detects abnormal activity and file deletion logs on equipment used to manage billing and data usage.
- April 19, 2025: The company identifies a breach in its home subscriber server, which houses sensitive authentication and mobility data.
- April 22, 2025: SKT publicly confirms the “potential” breach involving USIM data.
- April 28, 2025: The company begins a massive SIM card replacement program, though it immediately encounters supply shortages.
- May 1, 2025: Reports emerge linking the attack to China-backed hackers exploiting vulnerabilities in Ivanti VPN equipment.
- May 6, 2025: Investigators discover eight additional strains of malware within the system.
- May 7, 2025: SK Group Chairman Tae-won Chey issues a formal public apology for the security failure.
Security Remediation Efforts
SKT has implemented several emergency measures, including mandatory SIM protection services and enhanced fraud detection systems to prevent unauthorized logins via cloned cards. The company claims there is no evidence so far of the data being sold on the dark web. The investigation into the breach, including its potential connection to global campaigns targeting Ivanti VPN vulnerabilities, is ongoing, and the incident continues to unfold as a major cybersecurity crisis.
