In a major cybersecurity incident, SK Telecom, one of South Korea’s largest telecom providers, experienced a significant data breach in April that exposed the personal information of around 23 million users—nearly half the country’s population.
The breach, which is still under investigation, has sparked national concern and could lead to a mass customer exodus. During a recent hearing in Seoul, CEO Ryu Young-sang revealed that around 250,000 customers have already left the network. If the company waives early termination fees, that number could surge to 2.5 million, resulting in potential losses of up to $5 billion over the next three years.
Authorities and cybersecurity experts are working together to uncover how the breach occurred. Initial findings suggest that hackers accessed the company’s core subscriber database, stealing 25 different types of personal data. This included sensitive items such as phone numbers, IMSI details, USIM keys, and other critical identifiers—raising fears of SIM-swapping attacks and surveillance threats.
SK Telecom officially disclosed the breach on April 22, noting that it had already begun offering free SIM card replacements and launched a SIM protection service. The company stated that it detected unusual system behavior on April 18 and isolated the compromised equipment by April 19. It reported the breach to national cybersecurity officials the following day.
Since the incident, SKT has struggled to meet the demand for SIM replacements due to supply shortages. Investigators later found additional malware strains linked to the breach, raising concerns about the depth and scope of the cyberattack. Analysts suspect that vulnerabilities in Ivanti VPN systems may have been exploited by hackers potentially tied to state-sponsored groups, possibly from China.
In response, SKT has implemented fraud detection systems and enrolled affected users into protective services, with exceptions made for those overseas or on suspended accounts. Chairman Chey Tae-won issued a public apology three weeks after the breach, acknowledging the gravity of the situation.
As of early May, South Korean authorities confirmed that over two dozen types of customer data had been stolen. The investigation remains ongoing, and SK Telecom is reviewing policies around cancellation penalties for those affected.