In April, South Korea’s Telko Visalaki SK Telecom (SKT) was targeted by a cybertack, which stole personal data on about 23 million users, which is equivalent to half of the country’s 52 million residents.
At the National Assembly hearing in Seoul on Thursday, SKT chief executive Young Singh Rio said that about 250 250,000 users have visited a different telecom provider after the data violation. He said that if the company exempts cancellation fees, he expects the number to reach 2.5 million, which is ten times higher than the current amount.
Rio said at the hearing, the company could lose $ 5 billion (about ₩ 7 trillion) over the next three years if it decides not to receive cancellation fees for consumers who want to cancel their contract soon.
“SK Telecom considers the incident to be the most stringent security violation in the company’s history and is doing our best to minimize any harm to our customers,” a SKT spokesman told Tech Crunch in an email statement. The spokesman added, “The number of affected users and the responsible organization for hacking is under investigation.”
A joint investigation comprising both public and private entities is currently underway to identify the specific cause of the incident.
Personal Information Protection Committee (PIPC) Of South Korea Announced Thursday That is, 25 different types of personal information, including mobile phone numbers and unique identifiers (IMSI number), as well as USIM verification keys and other USIM data, were excluded from its main database, known as its home subscriber server. The compromised data can put users at greater risk SIM exchange attacks And monitoring government.
After A formal announcement of the incident on April 22SKT is offering SIM card protection and free SIM card replacement to prevent further damage to its users.
“We found a potential information leak about SIM on April 19,” the SKT spokesman told Tech Crunch. “After the violation was identified, we immediately wasolated the affected device while investigating the entire system well.”
The spokesperson said, “We are currently developing a system that can protect consumer information through the SIM protection service while allowing them to use roaming services out of Korea by May 14 without interruption.”
The company told Tech Crunch that to date, SKT has not received any information of secondary damage, nor has customer information received any certified example of distribution or misuse on the Dark Web or other platforms.
A timeline of violation of SKT data
April 18, 2025
SKT detected unusual activities April 18: 11: 20 Locally, SKT has received extraordinary logs and files that have been deleted on goods that the company uses to monitor and manage billing information for its users, including the use of data and call period.
April 19, 2025
The company identified data violations on April 19 in its home subscriber server in Seoul, which usually contains consumer information, including details of verification, permission, location and movement.
April 20, 2025
SKT reported the Cybertic incident Korea’s Cyrosocracy Agency.
April 22, 2025
SKT It was confirmed on its website That it detected suspicious activity, which indicates a violation of the “potential” data involved in users’ USIMS data.
April 28, 2025
SKT started to replace 23 million users’ mobile SIM cards, but the company has Suffered a shortage of getting enough USIM card To fulfill your promise of providing free SIM card space.
30 April, 2025
South Korea’s police Started investigating SKT’s suspected cybertack on April 18.
May 1st, 2025
According to local media reportsMany South Korean companies, including SKT, use Eti VPN devices, and that recent data violations can be linked to China -backed hackers.
FIRST A local media reportSKT said he got a notice of cyber -scorerity What To direct and change the company to the anti -VPN.
Taiwan -based CyberScureti Co., Team T5, Informed the public about the dangers of the world By a Government -backed group Connected to China, which, to gain access to a number of organizations globally, allegedly benefited from the Evoti Connect Secure VPN system.
About 20 industries, including automotive, chemicals, financial institutions, law firms, media, research institutes, and telecommunications, have been affected in 12 countries, including Australia, South Korea, Taiwan and the United States.
May 6, 2025
A team of public and private investigators An additional eight types of malware detected In the SKT hacking case. The team is currently investigating whether the new malware was installed on the same home subscriber server as the original four tensions or if it is located on a separate server equipment.
May 7, 2025
SK Group Chairman Tai Von Chi, who runs SKT, Sorry for the first time publicly To violate the data, a few weeks after being violated.
As of May 7, all qualified users have been signed up for the SIM protection service, except that they were suspended abroad using roaming services and temporarily suspended, the spokesman told Tech Crunch, adding that the unauthorized login efforts were made to prevent unauthorized login efforts using Clond SIM cards.
May 8, 2028
SKT is currently evaluating how to handle cancellation fees for users affected by the data violation. According to the company’s chief executive at the National Assembly hearing, about 250 250,000 consumers have turned to another telecom provider after the violation.
Meanwhile South Korean officials, Announced During the cybertack, 25 types of personal information were leaked from the company’s database.