SK Telecom (SKT), South Korea’s largest telecom provider, has confirmed a devastating cyberattack that compromised the personal data of approximately 23 million users—nearly half of the country’s population. The company described the SKT data breach as its most serious security failure in history.
During a hearing at the National Assembly in Seoul, CEO Young-sang Ryu revealed that over 250,000 users have already switched to other telecom providers. If SKT removes early termination fees, that number could surge to 2.5 million, potentially resulting in a $5 billion loss over the next three years.
A company spokesperson stated, “We are doing everything possible to reduce harm to our customers,” while noting that the full impact and identity of the attackers are still being investigated. A joint public-private investigation team is currently working to uncover the root cause.
Stolen Data in SKT Data Breach Includes SIM Keys, Triggers Security Concerns
South Korea’s Personal Information Protection Committee confirmed that 25 types of personal data were exfiltrated. These include mobile numbers, IMSI identifiers, and USIM authentication keys, putting customers at serious risk of SIM swapping attacks and potential surveillance.
Suspicious activity was first detected on April 18, followed by confirmation of the breach on April 19. The incident targeted SKT’s home subscriber server, which manages sensitive customer data such as identity, location, and device authentication. By April 22, the breach was publicly acknowledged, and SKT began replacing affected SIM cards starting April 28.
However, the company soon faced shortages of USIM cards, delaying its recovery efforts. Meanwhile, investigators discovered eight new strains of malware linked to the attack, raising concerns about further system infiltration.
Reports suggest the breach may have been caused by vulnerabilities in Ivanti VPN systems, which are widely used across South Korea. A Taiwanese security firm, TeamT5, linked the breach to a China-backed hacker group exploiting flaws in Ivanti’s Connect Secure VPN.
SKT Implements SIM Protection and Apologizes
As of May 7, SKT stated that all eligible customers had been enrolled in its SIM protection service, except those using international roaming or whose accounts were temporarily suspended. The company also confirmed that its fraud detection system is now fully active to prevent unauthorized SIM cloning and login attempts.
On May 6, SK Group Chairman Tae-won Chey publicly apologized for the incident, nearly three weeks after the breach was confirmed. SKT is still reviewing whether to waive cancellation fees for affected users, while customer loss continues to grow.
South Korean authorities have confirmed that 25 categories of sensitive data were leaked during the attack. To date, no verified cases of data misuse have been found, but officials warn that the full consequences of the breach may emerge in the coming months.
