
SK Telecom (SKT), South Korea's largest telecommunications firm, has reported a hacking incident involving a potential data leak of user USIM (Universal Subscriber Identity Module) information. The incident occurred on April 19, 2025, around 11 p.m. KST.

Details of the Breach

  • Detection: SK Telecom detected suspicious activity indicating a potential intrusion by hackers who installed malware on its internal systems.
  • Response: The company reported the incident to the Korea Internet & Security Agency (KISA) and the Personal Information Protection Commission. SKT deleted the malicious code and isolated the affected equipment to prevent further damage.
  • Potential Impact: The breach may have resulted in the leakage of some information related to user USIM cards, which are used to authenticate and identify subscribers on mobile networks. This could lead to illegal USIM swaps and abnormal authentication attempts, potentially enabling identity theft or unauthorized access to services.
  • Information at Risk: The leaked information is suspected to include the Integrated Circuit Card Identifier (ICCID) and other identifying numbers. SKT stated that sensitive personal information such as names, addresses, resident registration numbers, and email addresses was not compromised in this incident, as this data is not stored on the USIM server.
  • Current Status: SK Telecom is currently investigating the exact cause, scope, and nature of the data breach. As of now, there have been no confirmed cases of the leaked information being misused.

SK Telecom's Response Measures

  • USIM Protection Service: SK Telecom is offering a USIM protection service free of charge to customers who want additional safety measures. This service can prevent unauthorized use of the USIM on other devices, restrict roaming, and block unauthorized device changes.
  • Enhanced Monitoring: SK Telecom is strengthening its monitoring to block illegal USIM changes and abnormal authentication attempts.
  • System-Wide Investigation: A full-scale investigation across its systems is underway to identify the cause and prevent recurrence.
  • Cooperation with Authorities: SK Telecom is cooperating with the Ministry of Science and ICT and KISA, providing relevant data and support for the investigation.

Government Response

  • The Ministry of Science and ICT and KISA have formed an emergency response team to investigate the scope and cause of the breach.
  • They have requested that SK Telecom preserve and submit relevant data related to the breach, and KISA experts have been dispatched to the site to provide technical support.
  • The authorities may issue a corrective order to SK Telecom if the investigation reveals flaws in the company's security management.

Potential Penalties

If the incident is deemed a violation of Article 29 of the Personal Information Protection Act, which mandates the implementation of security measures, SKT could face legal sanctions. Fines of up to 3 percent of the related revenue may be imposed under Article 64-2 of the Act. Leaks involving over 1,000 records can result in fines of up to 50 million won (approximately $35,200 USD), with the amount adjusted based on the nature and severity of the violation.

Historical Context

This incident marks the first major personal data breach at SK Telecom in approximately 2 years and 4 months. In January 2023, LG Uplus experienced a similar hacking incident that resulted in the leakage of approximately 300,000 customer records. KT also had incidents in 2012 and 2014 involving the leakage of customer information due to hacking.

Security Considerations

  • HSS Server: The Home Subscriber Server (HSS), which was reportedly compromised, is a central server that manages critical subscriber data, including user registration, authentication, and authorization.
  • USIM Information: The USIM stores information that enables subscriber authentication and identification within the mobile network. Compromising this information could lead to identity theft and unauthorized access to services.
  • AI and Hacking: There are concerns that the increasing sophistication of AI technology could lead to more advanced hacking techniques, making it harder for companies to defend against cyberattacks.
  • North Korean Involvement: There is speculation that North Korean hackers may be involved, given the history of cyberattacks from the region and the high security level of telecommunications companies.
  • Bulletproof Hosting: Some reports indicate that bulletproof hosting services, which provide infrastructure for cybercriminal operations, may have been involved in similar attacks.
  • Vulnerability Exploitation: Hackers exploit vulnerabilities in systems to gain unauthorized access, steal data, or disrupt operations.

Customer Recommendations

SK Telecom is providing a free USIM protection service and advising customers to be cautious of potential phishing or smishing attempts.

ⓒ 2025 OPEN RESEARCH Inc.