In April 2025, SK Telecom, South Korea’s largest mobile carrier, experienced a significant data breach that compromised sensitive customer information. The breach, detected on April 18, involved malware infiltrating the company’s systems, leading to the exposure of Universal Subscriber Identity Module (USIM) data, including authentication keys and other critical details.
Immediate Response and Customer Protection
In response to the breach, SK Telecom announced a comprehensive plan to mitigate potential risks to its 25 million subscribers. The company offered free USIM card replacements at over 2,600 retail stores nationwide. However, due to a limited supply of replacement cards, with only 1 million available initially, the company faced challenges in meeting the high demand. To address this, SK Telecom introduced a USIM Protection Service, providing a software-based solution to safeguard against unauthorized SIM cloning and related threats.
Regulatory Actions and Service Suspension
The South Korean government intervened, directing SK Telecom to halt new customer sign-ups temporarily to focus on resolving the crisis. Starting May 5, the company suspended new subscriptions and mobile number portability services to prioritize existing customers’ security. Additionally, SK Telecom implemented automatic enrollment in the USIM Protection Service for digitally vulnerable individuals.
Customer Impact and Market Repercussions
The breach led to a significant customer response, with nearly 20 million subscribers enrolling in the USIM Protection Service. Approximately 956,000 users replaced their USIM cards, and 7.6 million scheduled replacements online. Despite these efforts, the company’s stock suffered, experiencing a sharp decline and a loss of approximately $643 million in market capitalization.
Ongoing Investigations and Future Measures
A joint investigation by the Ministry of Science and ICT and other agencies is underway to determine the breach’s full extent and prevent future incidents. Preliminary findings indicate that while USIM data was compromised, device-specific identifiers like IMEI numbers were not leaked. SK Telecom continues to work on enhancing its security infrastructure and restoring customer trust.
