Probe suggests possible leak of SK Telecom users' private information

IANS May 19, 2025 312 views

SK Telecom has discovered a significant data breach affecting potentially millions of its subscribers' personal information. The cyberattack, which occurred in June 2022, compromised 23 servers containing sensitive subscriber identity modules (USIM). Investigators found that approximately 26.9 million unique mobile identifiers might have been exposed, raising serious privacy and financial security concerns. In response, SK Telecom is offering free USIM replacements and additional protection services to all 25 million of its subscribers.

"We will replace USIM for all 25 million subscribers free of charge" - SK Telecom Spokesperson
Seoul, May 19: Servers at SK Telecom containing personal information and universal subscriber identity module (USIM) data of all subscribers have been compromised in a cyberattack, raising concerns that critical USIM data used in financial transactions may have been leaked, a joint government-private investigation team said on Monday.

Key Points

1

Cyberattack exposed 9.32GB of sensitive mobile subscriber data

2

Breach dates back to June 15, 2022

3

26.9 million IMSI numbers potentially compromised

4

Two servers contained personal identification details

According to the team's interim findings, the breach dates back to June 15, 2022, when unidentified attackers are believed to have planted malware on the company's servers.

A total of 23 SK Telecom servers were compromised, all of which store four types of USIM data, including international mobile subscriber identity (IMSI) information, reports Yonhap news agency

The IMSI is a unique identifier for each user on a network and could potentially be exploited in financial transactions.

Investigators said it is believed that 9.32 gigabytes of USIM data, equivalent to roughly 26.9 million IMSI numbers, have been leaked. SK Telecom currently has 25 million subscribers, including 2 million budget phone users.

Among the affected servers, two had been used as temporary storage for personal data, such as names, birthdays, phone numbers and email addresses.

Investigators said they are still working to determine the exact scope of data stored on those two servers.

The team said it found no evidence of any data leakage between Dec. 3, 2024, and April 24 of this year according to available firewall log data from the hackers.

However, no log data was available between June 15, 2022, and Dec. 2, 2024, making it impossible to confirm whether any leaks occurred during that time frame.

SK Telecom detected the breach on April 18. In response, the company has offered to replace the USIM of all 25 million subscribers, including 2 million budget phone users, free of charge to prevent identity theft or financial fraud.

The company has also enrolled all users in its USIM protection service, which, it says, offers the same level of protection against unauthorised financial activities as a physical USIM replacement.

—IANS

Reader Comments

R
Rajesh K.
This is why India needs to be extra careful with Aadhaar and digital payment systems. We must learn from SK Telecom's mistake - our UIDAI servers must have stronger cybersecurity measures. Jai Hind! 🇮🇳
P
Priya M.
Shocking! 26.9 million users affected? This shows how vulnerable digital systems are. In India, we've seen similar issues with telecom companies. Maybe TRAI should conduct surprise cybersecurity audits for all Indian telcos.
A
Amit S.
The breach happened in 2022 but detected only now? That's nearly 2 years of data vulnerability! Korean companies are usually tech-savvy, so if this can happen to them, imagine the risk for Indian companies. Wake up call for our CERT-In team!
S
Sunita R.
At least they're offering free USIM replacement. When similar breaches happened with Indian telcos, customers had to bear the cost. We need better consumer protection laws for digital privacy. #DataProtectionBill
V
Vikram J.
I appreciate SK Telecom's transparency in this matter. Many Indian companies try to hide such breaches. Full disclosure should be mandatory - users have the right to know when their data is compromised.
N
Neha T.
This is scary! I use UPI for everything. If our SIM data gets leaked, bank accounts could be at risk. Maybe we should all enable additional authentication layers beyond OTP. Better safe than sorry!

We welcome thoughtful discussions from our readers. Please keep comments respectful and on-topic.

Leave a Comment

Your email won't be published


Disclaimer: Comments here reflect the author's views alone. Insulting or using offensive language against individuals, communities, religion, or the nation is illegal.

Tags:
SK Telecom Cybersecurity Data Breach South Korea Telecom Hack USIM Leak