In April, South Korean telephone company giant SK Telecom (SKT) was hit by a cyber attack that led to theft of personal data on roughly 23 million customers.
During a National Assembly hearing in Seoul on Thursday, SKT CEO Young-Sang Ryu said that around 250,000 users have switched to another communications provider following the data breaches. He said he expects the number to reach more than ten times the current amount if the company waives its cancellation fee.
The company could lose up to $5 billion (about $7 trillion) over the next three years if it decides not to charge cancellation fees to users who want to cancel their contracts early, Ryu said at the hearing.
“SK Telecom considers this incident as the most serious security breach in the company's history and is making every effort to minimize damage to our customers,” a SKT spokesman said in an emailed statement. “The number of customers affected and the entities responsible for hacking are under investigation,” the spokesman added.
A joint investigation is currently underway, involving both public and private companies, to identify the specific cause of the incident.
The South Korean Privacy Commission (PIPC) announced on Thursday that 25 types of personal information, including mobile phone numbers and unique identifiers (IMSI numbers), USIM authentication keys and other USIM data, have been excluded from the central database known as the home's subscriber servers. Breached data could increase the risk of customers exchanging SIM attacks and government surveillance.
After the official announcement of the incident on April 22nd, SKT will offer SIM card protection and free SIM card exchanges to prevent further damage to customers.
“We detected a leak of information about SIM on April 19th,” a SKT spokesman told TechCrunch. “Following the identification of the violation, we quickly isolated the affected devices while investigating the entire system thoroughly.”
“To further protect our customers, we are currently developing a system that can protect users' information through SIM protection services, allowing roaming services to be used outside of Korea by May 14th,” the spokesman said.
To date, SKT has not received any reports of secondary damages and has not received verified instances whose customer information has been distributed or misused on Dark Web or other platforms, the company told TechCrunch.
SKT data breach timeline
April 18, 2025
SKT detected abnormal activity at 11:20pm local time on April 18th. SKT has discovered abnormal logs and file signs deleted on the equipment it uses to monitor and manage customer billing information, such as data usage and duration of call.
April 19, 2025
The company identified a data breach on its home subscriber server in Seoul on April 19th. Seoul typically houses subscriber information, including authentication, authorization, location and mobility details.
April 20, 2025
SKT reported the cyberattack to South Korea's cybersecurity agency on April 20th.
April 22, 2025
SKT has confirmed on its website that it has detected suspicious activity indicating a “potential” data breaches related to information related to users' USIMS data.
April 28, 2025
SKT has begun replacing mobile SIM cards for 23 million users, but the company faces a lack of getting enough USIM cards to fulfill its promise to offer free SIM card exchanges.
April 30, 2025
South Korean police began investigating the alleged cyberattack on SKT on April 18th.
May 1, 2025
Local media reports say many Korean companies, including SKT, use Ivanti VPN equipment, and recent data breaches may be linked to Chinese aid hackers.
According to a local media report, SKT said it received a cybersecurity notification from KISA and instructed the company to turn off the Ivanti VPN and replace it.
TeamT5, a Taiwan-based cybersecurity company, has warned the public about the global threat posed by government-supported groups related to China.
Approximately 20 industries have been affected in 12 countries, including Australia, South Korea, Taiwan and the United States, including automobiles, chemicals, financial institutions, law firms, media, research institutes and telecommunications.
May 6, 2025
A team of public and private investigators discovered eight more malware in SKT hacking cases. The team is currently investigating whether the new malware is installed on the same home subscriber server as the original four stocks, or on separate server devices.
May 7, 2025
Tae-Won Chey, chairman of SK Group, which operates SKT, publicly apologised for the first time for the data breach, about three weeks after the violation occurred.
As of May 7, all eligible users are signed up for SIM protection services, except that they are temporarily suspended with people living abroad using the roaming service.
May 8, 2028
SKT is currently evaluating how it handles cancellation fees for users affected by data breach incidents. According to the chief executive of the National Assembly Hearing, approximately 250,000 users have switched to another communications provider following the violation.
Meanwhile, South Korean authorities announced that 25 types of personal information had been leaked from the company's database during the cyber attack.