In April, South Korea’s telecommunications leader, SK Telecom (SKT), faced a major cyberattack that resulted in the compromise of personal data for around 23 million customers—nearly half of the nation’s population.
During a National Assembly hearing in Seoul on Thursday, SKT’s CEO Young-sang Ryu revealed that roughly 250,000 users have already departed to other telecom providers due to this data breach. He anticipates that this figure could soar to 2.5 million—over ten times the current number—if the company eliminates cancellation fees.
According to Ryu, SKT could potentially incur losses of up to $5 billion (around ₩7 trillion) over the next three years if it opts not to impose cancellation fees for early contract cancellations.
“We’ve deemed this incident to be the most serious security breach in our history, and we are dedicated to doing everything possible to mitigate the damage to our clients,” a spokesperson for SKT told TechCrunch in an emailed statement. “We are currently investigating not only the number of affected customers but also the entity responsible for the hacking,” the spokesperson added.
A collaborative investigation involving both public and private sectors is underway to pinpoint the exact cause of this alarming event.
The Personal Information Protection Committee (PIPC) of South Korea stated on Thursday that 25 different types of sensitive information, including mobile phone numbers, unique identifiers (IMSI numbers), USIM authentication keys, and other USIM-related data, were unlawfully extracted from its central database—the home subscriber server. This breach significantly heightens the risk for customers regarding SIM swapping scams and potential government surveillance.
After publicly announcing the incident on April 22, SKT has begun offering SIM card protection and complimentary replacements to help protect its customers.
“We became aware of potential information leakage concerning SIMs on April 19,” the spokesperson shared with TechCrunch. “Upon confirming the breach, we immediately isolated the affected system while conducting a thorough review of our entire infrastructure.”
“To further secure our customers’ data, we’re working on a system designed to protect user information through the SIM protection service while ensuring they can use roaming services effortlessly outside of Korea by May 14,” the spokesperson added.
As of now, SKT reports that it has not received any claims of secondary damage, nor have they verified any instances of customer data being shared or exploited on the dark web or elsewhere, as confirmed to TechCrunch.
A Timeline of SKT’s Data Breach
April 18, 2025
SKT detected irregular activities on April 18 at 11:20 p.m. local time. They discovered unusual logs and signs of files being deleted from systems used to monitor customer billing information, including usage data and call durations.
April 19, 2025
The company confirmed a data breach on April 19 affecting its home subscriber server in Seoul, which typically contains user information related to authentication, authorization, location, and mobility.
April 20, 2025
SKT reported the cyberattack to Korea’s cybersecurity agency.
April 22, 2025
SKT confirmed on its website the detection of suspicious activity suggesting a “potential” data breach involving some user USIM-related data.
April 28, 2025
SKT commenced replacing SIM cards for 23 million users, yet the company experienced shortages in acquiring enough USIM cards to meet its commitment for free replacements.
April 30, 2025
Investigations led by South Korean police into the suspected cyberattack began on April 18.
May 1, 2025
Local media reports indicated that many South Korean firms, including SKT, utilized Ivanti VPN equipment and that the recent data breach may involve hackers linked to China.
According to reports from local outlets, SKT disclosed that it received a cybersecurity notice from KISA, urging them to disable and replace the Ivanti VPN.
A Taiwan-based cybersecurity firm, TeamT5, raised alerts about global threats from a government-affiliated group in China, which reportedly exploited vulnerabilities within Ivanti’s Connect Secure VPN systems to infiltrate multiple organizations worldwide.
Approximately 20 sectors have been impacted, including automotive, chemical, finance, law firms, media, research institutes, and telecommunications across 12 nations like Australia, South Korea, Taiwan, and the United States.
May 6, 2025
Investigators from the public and private sectors uncovered an additional eight types of malware linked to the SKT hacking case. The team is now looking into whether this new malware was installed on the same home subscriber server as the original four strains or if they were on different systems.
May 7, 2025
Tae-won Chey, Chairman of SK Group which oversees SKT, made a public apology for the data breach—marking the first time he addressed the situation, roughly three weeks post-incident.
By May 7, all users eligible for the SIM protection service had registered, with the exception of those abroad using roaming services temporarily, as noted by the spokesperson to TechCrunch. The company has implemented a fraud detection system for all customers to thwart unauthorized logins through cloned SIM cards.
May 8, 2028
SKT is currently deliberating how to approach cancellation fees for those impacted by the data breach. The company’s CEO reported that around 250,000 users have already chosen to switch to other telecom providers in light of the incident.
Meanwhile, South Korean authorities have revealed that 25 types of sensitive personal information were compromised during the attack on the company’s databases.
