In April, South Korea’s telco giant SK Telecom (SKT) was hit by a cyberattack that led to the theft of personal data on approximately 23 million customers, equivalent to almost half of the country’s 52 million residents.
At a National Assembly hearing in Seoul on Thursday, SKT chief executive Young-sang Ryu said about 250,000 users have switched to a different telecom provider following the data breach. He said he expects this number to reach 2.5 million, more than tenfold the current amount, if the company waives cancellation fees.
The company could lose up to $5 billion (around ₩7 trillion) over the next three years if it decides not to charge cancellation fees for users who want to cancel their contract early, Ryu said at the hearing.
“SK Telecom considers this incident the most severe security breach in the company’s history and is putting forth our utmost effort to minimize any damage to our customers,” a spokesperson at SKT told TechCrunch in an emailed statement. “The number of customers affected and the entity responsible for the hacking is under investigation,” the spokesperson added.
A joint investigation involving both public and private entities is currently underway to identify the specific cause of the incident.
The Personal Information Protection Committee (PIPC) of South Korea announced on Thursday that 25 different types of personal information, including mobile phone numbers and unique identifiers (IMSI numbers), as well as USIM authentication keys and other USIM data, had been exfiltrated from its central database, known as its home subscriber server. The compromised data can put customers at greater risk of SIM swapping attacks and government surveillance.
After its official announcement of the incident on April 22, SKT has been offering SIM card protection and free SIM card replacements to prevent further damage to its customers.
“We detected possible information leakage regarding SIM on April 19,” the spokesperson at SKT told TechCrunch. “Following the identification of the breach, we immediately isolated the affected device while thoroughly investigating the entire system.”
“To further safeguard our customers, we’re currently developing a system that can protect users’ information through the SIM protection service while allowing them to use roaming services seamlessly outside of Korea by May 14,” the spokesperson said.
So far, SKT has not received any reports of secondary damage and no verified instances of customer information being distributed or misused on the dark web or other platforms, the company told TechCrunch.
A timeline of SKT’s data breach
April 18, 2025
SKT detected abnormal activities on April 18 at 11:20 p.m. local time. SKT found unusual logs and signs of files having been deleted on equipment that the company uses for monitoring and managing billing information for its customers, including data usage and call durations.
April 19, 2025
The company identified a data breach on April 19 in its home subscriber server in Seoul, which typically houses subscriber information, including authentication, authorization, location, and mobility details.
April 20, 2025
SKT reported the cyberattack incident to Korea’s cybersecurity agency.
April 22, 2025
SKT confirmed on its website that it detected suspicious activity, indicating a “potential” data breach involving some information related to users’ USIM data.
April 28, 2025
SKT began replacing mobile SIM cards of 23 million users, but the company has faced shortages in obtaining sufficient USIM cards to fulfill its promise to provide free SIM card replacements.
April 30, 2025
South Korean police started investigating SKT’s suspected cyberattack on April 18.
May 1, 2025
According to local media reports, many South Korean companies, including SKT, use Ivanti VPN equipment, and the recent data breach may be associated with China-backed hackers.
Per a local media report, SKT said it received a cybersecurity notice from KISA instructing the company to turn off and replace the Ivanti VPN.
TeamT5, a cybersecurity company based in Taiwan, alerted the public to the global threats posed by a government-backed group linked to China, which allegedly took advantage of vulnerabilities in Ivanti’s Connect Secure VPN systems to gain access to multiple organizations globally.
Some 20 industries were affected, including automotive, chemical, financial institutions, law firms, media, research institutes, and telecommunications, across 12 countries, including Australia, South Korea, Taiwan, and the United States.
May 6, 2025
A team of public and private investigators discovered an additional eight types of malware in SKT’s hacking case. The team is currently investigating whether the new malware was installed on the same home subscriber server as the original four strains or if they are located on separate server equipment.
May 7, 2025
Tae-won Chey, the chairman of SK Group, which operates SKT, publicly apologized for the first time for the data breach, some three weeks after the breach occurred.
As of May 7, all eligible users have been signed up for the SIM protection service, except those living abroad using roaming services and those temporarily suspended, the spokesperson told TechCrunch, adding that its fraud detection system has already been set up for all customers to prevent unauthorized login attempts using cloned SIM cards.
May 8, 2025
SKT is currently assessing how to handle the cancellation fees for users affected by the data breach incident. About 250,000 users have switched to another telecom provider following the breach, according to the company’s chief executive at a National Assembly hearing.
South Korean authorities, meanwhile, announced that 25 types of personal information were leaked from the company’s databases during the cyberattack.