In April 2025, SK Telecom, South Korea's largest mobile telecommunications provider, faced an unprecedented cyberattack that compromised the Universal Subscriber Identity Module (USIM) data of approximately 25 million customers. This breach not only exposed sensitive subscriber information but also raised significant concerns about the security infrastructure of major telecom operators.
The Breach Unfolded
On April 18, 2025, SK Telecom detected a cyber intrusion that led to a substantial leak of USIM data. The compromised information included International Mobile Subscriber Identity (IMSI) numbers, International Mobile Equipment Identity (IMEI) numbers, and authentication keys. While personal identification details and financial information were reportedly not exposed, the nature of the leaked data posed serious risks, such as unauthorized SIM cloning and potential identity theft. (bleepingcomputer.com)
Immediate Response and Customer Impact
In response to the breach, SK Telecom announced a comprehensive plan to mitigate potential damages. The company offered free USIM card replacements to all affected customers, including those using mobile virtual network operators (MVNOs) that rely on SK Telecom's infrastructure. The replacement program commenced on April 28, 2025, with customers encouraged to visit T World stores or designated service centers for the free replacements. (koreajoongangdaily.joins.com)
However, the initiative faced logistical challenges. With an initial stock of only 1 million USIM cards and plans to secure an additional 5 million by the end of May, the supply was insufficient to meet the immediate demand from all 25 million subscribers. This shortage led to long queues at service centers and heightened customer frustration. (koreajoongangdaily.joins.com)
Leadership Acknowledgment and Apology
SK Telecom's CEO, Ryu Young-sang, publicly acknowledged the severity of the incident, describing it as "the worst hacking case in the history of the telecom industry." During a parliamentary session, Ryu admitted to procedural flaws in the company's delayed reporting of the breach to the Korea Internet & Security Agency (KISA), which exceeded the mandated 24-hour notification period. (koreajoongangdaily.joins.com)
Customer Exodus and Market Impact
The breach had immediate repercussions on SK Telecom's customer base. On April 28, the company experienced a net loss of over 25,000 subscribers, with more than 34,000 customers switching to rival carriers such as KT and LG U+. This marked a significant departure from the company's typical daily subscriber loss, which had not exceeded 200 prior to the incident. (koreajoongangdaily.joins.com)
Security Enhancements and Preventive Measures
In addition to the USIM replacement program, SK Telecom implemented several security measures to prevent further exploitation of the leaked data. The company enhanced its Fraud Detection System (FDS) to the highest security level and introduced a USIM Protection Service designed to block unauthorized phone activations and fraudulent payment attempts using illegally cloned USIM cards. As of April 27, over 5.54 million customers had enrolled in the protection service. (bleepingcomputer.com)
Industry-Wide Implications and Regulatory Response
The SK Telecom breach underscored the vulnerabilities within the telecommunications sector and prompted a broader discussion on data security practices. Regulatory authorities, including the Personal Information Protection Commission, launched investigations into whether SK Telecom had appropriate security protocols in place to protect USIM data. The incident also led to increased scrutiny of other telecom operators, urging them to reassess and strengthen their cybersecurity measures. (en.yna.co.kr)
Conclusion
The massive hacking incident at SK Telecom serves as a stark reminder of the critical importance of robust cybersecurity frameworks in the telecommunications industry. While the company's swift response and remedial actions aimed to mitigate the immediate impact, the breach highlighted the need for continuous vigilance, proactive security measures, and transparent communication to maintain customer trust and safeguard sensitive information.
Source: 매일경제 A month has passed since the massive hacking of SK Telecom, Korea's largest mobile telecommunication.. - MK
