Mobile network operator SK Telecom, which serves approximately 34 million subscribers in South Korea, has confirmed that it suffered a cyber attack earlier this month that saw malware infiltrate its internal systems, and access data related to customers’ SIM cards.
The breach occurred at around 11pm local time, on the night of Saturday 19 April 2025, in what is believed to have been an attack intentionally timed to exploit a day and time when there may be less staff monitoring in place.
Responsibly, SK Telecom informed the Korean Internet & Security Agency (KISA) the following day, and fulfilled its legal obligation to tell the Personal Information Protection Commission on Monday 21 April that there had been a potential data breach.
Although no customer names, birth dates, or financial details were leaked, the information identifying SIM cards is considered highly sensitive – as it could permit a determined criminal to hijack victims’ phone numbers in a “SIM Swap” attack.
SK Telecom says that its engineers detected and deleted the malware threat on its network, and took the compromised network servers offline as soon as it realised that a data breach may have occurred. Unfortunately, despite its best efforts – millions of users’ SIM details could have been put at risk, and may now be in the hands of cybercriminals.
Although SK Telecom has not confirmed the total number of users whose SIM details have been exposed, it has acknowledged that millions of individuals could be at risk.
The good news is that SK Telecom says it has seen no evidence that the sensitive data has been exploited by cybercriminals. The bad news is that it wouldn’t necessarily know if it had been exploited or not.
Since its breach, SK Telecom has faced some criticism for the way it has communicated news of the cyber attack to its customers. Although it updated its website and mobile app with a security advisory, some users felt they should also have proactively received an SMS alert informing them of the situation.
Apologising for the breach and responding to complaints about its response to the incident, SK Telecom has apologised and begun to send out SMS notifications to customers. In addition, the company has said it is strengthening its security in the hope of preventing similar incidents in future, and pledged to have a transparent inquiry into what happened.
Hacks like this are a wake-up call for telecoms firms worldwide that they must secure their systems against the threat of cybercriminals and state-sponsored hackers.
And all businesses would be wise to learn that hackers might attempt to strike at anytime, day or night, not just during weekday business hours.
If a hacker can exploit a window of opportunity – such as late in the evening on a weekend – to sneak into your network undetected, they won’t have any qualms about doing so.
Businesses that are handling critical or sensitive data should ensure their alerting systems and incident response plans work through weekends and holidays just as easily as any other day of the week.
