SKT data breach potentially leaks data from 26.9 million users

The attack, which took place in 2022, went undiscovered for almost three years

This week, a joint public–private investigation has revealed the enormous scale of a recently reported data breach impacting South Korean telco SK Telecom (SKT).

The cyberattack took place on June 15, 2022, but was not reported to the Korea Internet & Security Agency (KISA) by SKT until April 22 this year, suggesting that the malware remained undetected for three years.

The data breach reportedly saw malware installed on 23 of SKT’s servers, which collectively held four different types of USIM data, including International Mobile Subscriber Identity (IMSI) numbers. These unique numbers are used to identify individual customers.

In total, 9.32 gigabytes of USIM-related data, including 26.9 million IMSI numbers, were compromised in the attack and may have been leaked.

SKT itself currently serves roughly 25 million customers, both directly and through its mobile virtual network operator partners, suggesting that nearly all its subscribers may be impacted by the attack.

To make matters worse, two of the affected servers had temporarily stored personal customer data, including names, dates of birth, phone numbers, and email addresses. According to the investigation, it is still unclear whether this data was also compromised.

The investigation notes that log records show no evidence of data being exfiltrated between December 3, 2024, and April 24, 2025. However, there are no log records between June 15, 2022 – the date of the attack – and December 2, 2024, meaning investigators cannot determine whether data was leaked during this period.

One of the biggest fears is that the leaked data could be used for ‘SIM swapping’, a process whereby malicious actors use the stolen data to convince the service provider to transfer the victim’s number to a SIM card they control. This then allows them to receive calls, texts, and two-factor authentication codes intended for the victim.

The government’s director of the Network Policy Office at the Ministry of Science and ICT, Ryu Je-myung, notably downplayed these concerns, saying that the investigation had confirmed with manufacturers that ‘SIM swapping’ was not possible with the potentially leaked data.

“Cloning a smartphone is impossible with only a 15-digit IMEI value”, he said.

In response to the breach, SKT has pledged to bolster its cybersecurity, as well as to offer free USIM card replacements to all 25 million subscribers.

In recent years, telcos have become the target of increasingly sophisticated cyberattacks, with major data breaches taking place all over the world. Perhaps the most prominent of these were the ‘Salt Typhoon’ attacks, which hit US mobile operators in September last year and were described as the ‘worst telecom hack in US history’ by chairman of the Senate Intelligence Committee Mark Warner.

Since then, national governments have been working increasingly closely with telecoms operators with regard to national security, including increasing international cybersecurity cooperation between allied nations.

In this regard, US Federal Communications Commission chair Brendan Carr met with Korean Minister of Science and ICT Yoo Sang earlier this month to discuss greater security collaboration between the two nations.


Author: Ernestro Casas
