In April, South Korea’s telco giant SK Telecom (SKT) was hit by a cyberattack that led to the theft of personal data on roughly 23 million customers, equal to nearly half of the country’s 52 million residents.
At a National Assembly hearing in Seoul on Thursday, SKT chief executive Young-sang Ryu said about 250,000 users have switched to a different telecom provider following the data breach. He said he expects this number to reach 2.5 million, more than tenfold the current number, if the company waives cancellation fees.
The company could lose as much as $5 billion (around ₩7 trillion) over the next three years if it decides not to charge cancellation fees for users who want to cancel their contract early, Ryu said at the hearing.
“SK Telecom considers this incident probably the most severe security breach in the company’s history and is putting forth our utmost effort to minimize any damage to our customers,” a spokesperson at SKT told TechCrunch in an emailed statement. “The number of customers affected and the entity responsible for the hacking is under investigation,” the spokesperson added.
A joint investigation involving both public and private entities is currently underway to identify the specific cause of the incident.
The Personal Information Protection Committee (PIPC) of South Korea announced on Thursday that 25 different types of personal information, including mobile phone numbers and unique identifiers (IMSI numbers), as well as USIM authentication keys and other USIM data, had been exfiltrated from its central database, known as its home subscriber server. The compromised data can put customers at greater risk of SIM swapping attacks and government surveillance.
After its official announcement of the incident on April 22, SKT has been offering SIM card protection and free SIM card replacements to prevent further damage to its customers.
“We detected possible data leakage relating to SIM on April 19,” the spokesperson at SKT told TechCrunch. “Following the identification of the breach, we immediately isolated the affected device while thoroughly investigating the entire system.”
“To further safeguard our customers, we’re currently developing a system that can protect users’ information through the SIM protection service while allowing them to use roaming services seamlessly outside of Korea by May 14,” the spokesperson said.
To date, SKT has not received any reports of secondary damage and no verified instances of customer information being distributed or misused on the dark web or other platforms, the company told TechCrunch.
A timeline of SKT’s data breach
April 18, 2025
SKT detected abnormal activities on April 18 at 11:20 pm local time. SKT found unusual logs and signs of data having been deleted on equipment that the company uses for monitoring and managing billing information for its customers, including data usage and call durations.
April 19, 2025
The company identified a data breach on April 19 in its home subscriber server in Seoul, which typically houses subscriber information, including authentication, authorization, location, and mobility details.
April 20, 2025
SKT reported the cyberattack incident to Korea’s cybersecurity agency on April 20.
April 22, 2025
SKT confirmed on its website that it detected suspicious activity, indicating a “potential” data breach involving some information related to users’ USIM data.
April 28, 2025
SKT began replacing mobile SIM cards of 23 million users, but the company has faced shortages in obtaining sufficient USIM cards to fulfill its promise to provide free SIM card replacements.
April 30, 2025
South Korean police started investigating SKT’s suspected cyberattack on April 18.
April 30, 2025
South Korean police started investigating SKT’s cyberattack on April 30.
According to local media reports, many South Korean companies, including SKT, use Ivanti VPN equipment, and the recent data breach may be linked to China-backed hackers.
Per a local media report, SKT said it received a cybersecurity notice from KISA instructing the company to turn off and replace the Ivanti VPN.
TeamT5, a cybersecurity company based in Taiwan, alerted the public to the global threats posed by a government-backed group linked to China, which allegedly took advantage of vulnerabilities in Ivanti’s Connect Secure VPN systems to gain access to multiple organizations globally.
Some 20 industries have been affected, including automotive, chemical, financial institutions, law firms, media, research institutes, and telecommunications, across 12 countries, including Australia, South Korea, Taiwan, and the United States.
May 6, 2025
A team of public and private investigators discovered an additional eight types of malware in SKT’s hacking case. The team is currently investigating whether the new malware was installed on the same home subscriber server as the original four strains or if they are located on separate server equipment.
May 7, 2025
Tae-won Chey, the chairman of SK Group, which operates SKT, publicly apologized for the first time for the data breach, some three weeks after the breach occurred.
As of May 7, all eligible users have been signed up for the SIM protection service, except those residing abroad using roaming services and temporarily suspended, the spokesperson told TechCrunch, adding that its fraud detection system has already been set up for all customers to prevent unauthorized login attempts using cloned SIM cards.
May 8, 2028
SKT is currently assessing how to handle the cancellation fees for users affected by the data breach incident. About 250,000 users have switched to a different telecom provider following the breach, according to the company’s chief executive at a National Assembly hearing.
South Korean authorities, meanwhile, announced that 25 types of personal information had been leaked from the company’s databases during the cyberattack.