
SK Telecom Cyberattack Exposes Data of 23 Million Customers in South Korea

In April 2025, SK Telecom experienced a severe cyberattack that compromised personal data of approximately 23 million customers, nearly half of South Korea's population. The breach exposed sensitive information including SIM authentication keys, raising the risk of SIM swapping attacks. Following the incident, SKT has initiated free SIM replacements and protection services while facing potential customer losses and financial impact. A joint investigation into the cause is ongoing; the breach has been linked to vulnerabilities in VPN equipment exploited by state-backed hackers.

Published May 8, 2025 at 09:07 PM EDT in Cybersecurity

In April 2025, South Korea’s leading telecom operator, SK Telecom (SKT), suffered a significant cyberattack that compromised the personal data of approximately 23 million customers—nearly half of the nation’s population. This breach represents one of the most severe security incidents in the company’s history, exposing sensitive subscriber information stored in its home subscriber server (HSS).

The stolen data included 25 types of personal information such as mobile phone numbers, unique IMSI identifiers, USIM authentication keys, and other USIM data. This exposure significantly increases the risk of SIM swapping attacks, which can lead to unauthorized access to customers’ accounts and potential government surveillance.

After detecting the breach on April 19, SKT promptly isolated the affected systems and began offering free SIM card replacements and SIM protection services to mitigate further damage. However, the company has faced challenges in sourcing enough USIM cards to fulfill replacement demands for all affected users.

The breach has already triggered significant customer churn, with approximately 250,000 users switching providers. SKT’s CEO warned that if cancellation fees are waived, this number could escalate to 2.5 million, potentially costing the company up to $5 billion over three years.

Investigations have revealed that the attackers exploited vulnerabilities in Ivanti’s Connect Secure VPN equipment, a tool widely used by SKT and other South Korean companies. This attack is attributed to a China-backed hacker group that has targeted multiple industries globally, including telecommunications, automotive, and finance.

In response, SKT has collaborated with public and private sector investigators to identify additional malware strains and strengthen its cybersecurity posture. The company has implemented fraud detection systems to prevent unauthorized SIM usage and is developing enhanced SIM protection services to support roaming customers.

This incident underscores the critical importance of robust cybersecurity defenses in the telecommunications sector, where breaches can compromise vast amounts of sensitive personal data and disrupt essential communication services. It also highlights the need for continuous monitoring, rapid incident response, and collaboration between industry and government agencies to combat sophisticated cyber threats.

Key Lessons and Industry Implications

  • Telecom providers must prioritize securing subscriber databases and authentication systems to prevent unauthorized access.
  • Regular vulnerability assessments of third-party equipment, such as VPNs, are essential to identify and mitigate risks before exploitation.
  • Comprehensive incident response plans, including customer communication and remediation services like SIM replacements, help contain damage and rebuild trust.
  • Collaboration between government agencies and private sector entities is vital for effective investigation and defense against state-sponsored cyberattacks.

As cyber threats evolve, telecom companies must invest in advanced threat detection and fraud prevention technologies to protect their customers and maintain service integrity.
