A timeline of South Korean telco giant SKT’s data breach

In April, South Korea’s Telco Giant SK Telecom (SKT) was injured by a cybertack, which led to theft of about 23 million customers, which is equivalent to about half of the country’s 52 million residents.

At a COL National Parliament hearing on Thursday, SKT chief executive Young-Sang Rue said that about 25,000 users switched to a separate telecom supplier after the information violation. He said that if the company waived the cancellation fee, this number is ten times higher than the current amount, this number expects to reach 2.5 million.

Rayu said at the hearing that the company could lose $ 1 billion (about $ 1 trillion) in the next three years if they decided not to charge the cancellation fee for users who would like to cancel their contract immediately, Rue said at the hearing.

“SK Telecom considered this event as the most serious security violation in company history and our best efforts to reduce any loss of our customers,” said TechCrunch, a spokesperson for SKT. “The entity responsible for the number of damaged customers and hacking is under investigation,” the spokesperson added.

A joint investigation involving both public and private entities is currently underway to identify specific causes of the incident.

Personal Information Protection Committee (PIPC) South Korea Declaration Thursday Mobile phone numbers and unique identifiers (IMSI numbers), as well as USIM authentication keys and other USIM data, were encouraged from its central database, known as its home customer server. Compromised data may be more risky to customers SIM And government surveillance.

After The formal announcement of the event of April 22SKT is offering SIM card protection and free SIM card replacement to prevent further damage to its customers.

“We have identified the SIM’s possible information on April 7,” the SKT spokesperson told TechCrunch. “After the detection of the violation, we immediately disconnected the affected device while the entire system was thoroughly investigated.”

“To further protect our customers, we are currently developing a system that can protect users’ information through SIM protection services and allow them to use roaming services outside Korea by May 14,” spokesperson said.

To date, the SKT has not received any report of secondary loss and there is no verified example of customer information distribution or abuse on the Dark Web or other platforms, the company told TechCrunch.

A timeline of SKT’s data violation

April 18, 2025

SKT has detected abnormal activity 18 Apr 11:20 PM Local time. The SKT found the symptoms of unusual logs and files that were removed on the equipment that the company used to use data to monitor and manage billing data for its customers and to manage it with call deadline.

April 19, 2025

The company identified a data violation on its home subscriber server in the COL on April 7, which usually contains customer information with authentication, approval, location and dynamics.

April 20, 2025

SKT reported the incident of CyberTack Korea’s Cyber ​​Security Agency April 20.

22 April, 2025

SPKT Confirmed on its website It has detected suspicious activities, it indicates that users indicate a “possible” data violation involving some information related to USIMS data.

April 28, 2025

SKT started replacing 23 million users’ mobile SIM cards, but the organization has Sufficient USIM card to face deficit in obtaining To fulfill the promise of providing free SIM card replacement.

April 30, 2025

South Korean police Start investigation April 18 Suspt’s suspicious CyberTack.

May 1, 2025

According to local media reportsMany South Korean companies, including SKT, use Evanti VPN equipment and may be connected to China-backed hackers in recent data violations.

Toward Report a local mediaSKT says it has received a cyberquaree notice from Kissa that the company is shutting down and instructing the Evanti VPN replacement.

Team 5, a Cybercquirement Organization based on Taiwan, People have warned of worldwide threats Ay Government -backed group It is alleged that Evanti’s connector connected to the VPN system to get access to multiple companies worldwide.

About 20 industries, including automobiles, chemicals, financial institutions, law agencies, media, research institutes and telecommunications have been damaged across 12 countries including Australia, South Korea, Taiwan and the United States.

May 6, 2025

A party of public and private investigators Has discovered eight types of malware In case of SKT hacking. The team is currently installed on the customer server of the same home as the new malware is the original four strain or is investigating whether they are located in separate server equipment.

May 7, 2025

SK Group Chairman Tay-Win Che, which operates SKT, Publicly apologized for the first time For data violation, about three weeks after the violation.

Until May E. May, all eligible users have signed up for SIM protection services, excluding roaming services, excluding them abroad and temporarily suspended, told the spokesperson Techcunch that its fraudulent detection system has already been set up for all customers to prevent unauthorized login attempt using clonded SIM cards.

May 8, 2028

SKT is currently evaluating how to handle the canceled fees for the affected users in the data violation of the data. At the National Assembly hearing, the company’s chief executive said that about 250,000 users switched to another telecom supplier after the violation.

In the meantime, South Korean authorities have announced that 25 types of personal data have been leaked from the company’s databases during cybertack.