Could SK Telecom Users' Private Information Have Been Leaked?
Click to start listening
Synopsis
A significant cyberattack has raised alarms about the potential leak of sensitive information from SK Telecom. With millions of users affected, the implications for financial security are severe. Discover the latest findings from the investigation team and what steps SK Telecom is taking to protect its subscribers.
Key Takeaways
- 23 SK Telecom servers compromised in a cyberattack.
- Potential leak of 9.32 gigabytes of USIM data.
- 26.9 million IMSI numbers may have been exposed.
- SK Telecom offers free USIM replacements to all affected subscribers.
- Increased focus on cybersecurity measures is essential.
Seoul, May 19 (NationPress) A cyberattack has compromised servers at SK Telecom that contain personal information and universal subscriber identity module (USIM) data for all subscribers. This breach raises alarms regarding the potential leak of crucial USIM data utilized in financial transactions, according to a joint investigation team comprising government and private sector experts.
The preliminary findings of the investigation indicate that the breach occurred on June 15, 2022, when unknown attackers allegedly installed malware on the company’s servers.
In total, 23 SK Telecom servers were breached, all of which hold four types of USIM data, including international mobile subscriber identity (IMSI) information, as reported by Yonhap news agency.
The IMSI serves as a unique identifier for each user within a network and could potentially be exploited for financial transactions.
According to investigators, approximately 9.32 gigabytes of USIM data, amounting to around 26.9 million IMSI numbers, may have been compromised. Currently, SK Telecom serves 25 million subscribers, including 2 million budget phone users.
Among the compromised servers, two were utilized as temporary storage for personal data, including names, birthdays, phone numbers, and email addresses.
Investigators continue to determine the precise scope of the data stored on these two servers.
The investigation team reported no evidence of data leakage between December 3, 2024, and April 24 of this year, based on available firewall log data from the hackers.
However, the absence of log data between June 15, 2022, and December 2, 2024, complicates the confirmation of any leaks during that period.
SK Telecom identified the breach on April 18. In an effort to mitigate identity theft or financial fraud, the company has offered free USIM replacements for all 25 million subscribers, including 2 million budget phone users.
Additionally, all users have been enrolled in the USIM protection service, which provides a level of security against unauthorized financial activities comparable to that of a physical USIM replacement.
Point of View
I emphasize the importance of cybersecurity in our digital age. This breach at SK Telecom underscores the vulnerabilities faced by major telecom companies. It is crucial for consumers to remain vigilant and for corporations to fortify their security measures to safeguard user data effectively.
NationPress
26/07/2025
Frequently Asked Questions
What type of data was compromised in the SK Telecom breach?
The breach involved personal information and universal subscriber identity module (USIM) data, including international mobile subscriber identity (IMSI) information, which is crucial for financial transactions.
How many users are affected by the SK Telecom data breach?
Approximately 25 million subscribers are affected, including 2 million budget phone users.
What actions is SK Telecom taking in response to the breach?
SK Telecom is offering free USIM replacements for all affected subscribers and has enrolled all users in a USIM protection service to prevent unauthorized financial activities.
When did the breach occur?
The breach is believed to have occurred on June 15, 2022, but was detected by SK Telecom on April 18, 2024.
What is the potential risk of the leaked IMSI data?
The leaked IMSI data could be exploited for financial transactions, posing a significant risk of identity theft and fraud.
