SK Telecom under the spotlight after damaging data breach – Telecoms.com

TechTarget and Informa Tech’s Digital Business Combine.TechTarget and Informa
Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities.
South Korean authorities have launched a probe into a cyberattack on SK Telecom (SKT) that exposed customers’ SIM-related data.
April 23, 2025
The Ministry of Science and ICT (MSIT) said it has sent experts to SKT to provide technical support, analyse the cause of the incident, and mitigate its impact.
"Considering the seriousness of the incident, including the leak of personal information, the damage status, and security vulnerabilities, the MSIT formed an emergency response team headed by the Cyber Security and Network Policy bureau of the MSIT," the ministry said.
According to a report by Chosun Biz, the Cyber Investigation Unit of the Seoul Metropolitan Police is also looking into it.
The attack in question took place over the weekend, and was confirmed by SKT earlier this week. The operator said malware caused "some" SIM-related information to be leaked – it didn't say how many customers have been compromised and exactly what data is out there.
"SK Telecom immediately deleted the malware after recognising the possibility of a leak, and also isolated the suspected hacking device. As of now, there have been no confirmed cases of actual exploitation of the information."
SKT said it is carrying out a complete system-wide investigation into the breach, and is stepping up efforts to block illegal SIM card changes and abnormal authentication attempts. It is also locking accounts that exhibit signs of suspicious activity.
Related:Lumen launches cyber security tool designed to automatically block threats
SKT is also messaging every customer with instructions for how to sign up to its SIM protection service.
It is being offered free of charge, and enables security features designed to prevent SIM-swap attacks. These include blocking unauthorised device changes, and restricting fraudulent use from abroad.
SKT said there have been 72,000 new sign-ups since it began promoting the service.
This is rare mishap for SKT.
The last major cyberattack it suffered appears to have been in 2011, when Chinese hackers stole data from 35 million users of a social network called Cyworld, and a Web portal called Nate, which were both operated at the time by SK Communications.
Depending on the root cause and true scale of the breach – and whether there was any negligence on SKT's part – it seems likely that SKT will face little more than a slap on the wrist.
In Korea, data protection is overseen by the Personal Information Protection Commission (PIPC), which has the power to impose fines for leaks and illegal data collection practices.
These fines don't seem to add up to much though.
Chosun Biz reported last month that travel agency Modetour Network was fined KRW740 million ($520,455) for neglecting safety measures that exposed the personal information of 3.06 million customers.
Related:UK SMEs loosing £3.4 billion a year to cyber attacks – Vodafone
Last year, Facebook parent Meta was fined approximately $15 million for illegally collecting personal data from Facebook users, including information about their political views or sexual orientation.
For companies this size, sums like this amount to little more than a rounding error.
SKT officials are more likely to be sweating on the potential reputational fallout from this hack. If a sufficient number of customers are affected, and the operator's defences were found to be lacking in a way that suggests negligence, then some execs could find themselves being hauled over the coals.
You May Also Like
Apr 23, 2025
Apr 23, 2025
Apr 22, 2025
Apr 22, 2025
Oct 3, 2024
Oct 29, 2024
Sep 25, 2024
Aug 29, 2024
Nov 27, 2024
Aug 14, 2024
Apr 17, 2024
Dec 4, 2023
Copyright © 2025. This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world’s technology buyers and sellers. All copyright resides with them. Informa PLC’s registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.’s registered office is 275 Grove St. Newton, MA 02466.

source
This is a newsfeed from leading technology publications. No additional editorial review has been performed before posting.