SK Telecom has confirmed that some customer information related to USIMs was potentially leaked due to malicious code, raising concerns among subscribers. The incident was discovered on April 19, 2025, around 11 PM, and the company took immediate action to address the situation.
According to the announcement made on April 22, 2025, the leaked information includes critical identifiers such as the 'unique identification number' and 'USIM authentication key value' for each subscriber. The unique identification number is essential for the telecommunications company to recognize the subscriber's line within its network, while the USIM authentication key value is used to verify the authenticity of the USIM and ensure it corresponds with the actual subscriber information. Fortunately, there has been no indication that sensitive personal information, such as resident registration numbers, names, or phone numbers, has been compromised.
Upon realizing the potential for data leakage, SK Telecom promptly deleted the malicious code and isolated the suspected hacking equipment. The company reported the incident to the Korea Internet & Security Agency (KISA) on April 20, 2025, and subsequently informed the Personal Information Protection Commission about the situation on April 22, 2025, at 10 AM. This swift action reflects the company's commitment to transparency and regulatory compliance.
In response to the incident, SK Telecom is actively cooperating with investigations by KISA and the Personal Information Protection Commission, which are assessing the extent of the data breach and the security measures in place. The Personal Information Protection Commission plans to conduct a thorough investigation into the leakage circumstances, extent of damage, and compliance with the Personal Information Protection Act. They have warned that if any violations are identified, strict measures will be taken according to relevant laws.
To prevent any potential misuse of the leaked information, SK Telecom has implemented several precautionary measures. These include a comprehensive investigation of their entire system, enhancing the blocking of illegal USIM modifications, and reinforcing protocols for immediate suspension of services when suspicious activity is detected. The company has also introduced a free USIM protection service for customers who want additional security measures. This service prevents unauthorized use of a subscriber's USIM in other devices and restricts overseas roaming unless existing roaming plans are canceled.
Yoo Young-sang, the CEO of SK Telecom, communicated with employees on April 22, urging them to conduct thorough security checks and prioritize customer safety. He expressed regret over the incident, assuring customers that the company is dedicated to strengthening its security framework to prevent similar occurrences in the future. He stated, "We will do our utmost to enhance our security systems and implement measures to protect customer information."
In light of the incident, the Ministry of Science and ICT has formed an emergency response team led by the Director of the Information Protection Network Policy Bureau. This team is tasked with overseeing the investigation and ensuring that appropriate corrective actions are taken. The Ministry has previously established joint public-private investigation teams to address similar incidents, demonstrating a proactive approach to cybersecurity in the telecommunications sector.
As the investigation continues, officials have urged caution among customers to prevent secondary damages, such as voice phishing and smishing, which could arise from the leaked information. With mobile communication services processing large volumes of personal data, the implications of such breaches can be significant.
Overall, SK Telecom is taking comprehensive steps to mitigate the impact of this incident and restore customer confidence. The company has reassured its subscribers that, so far, there have been no confirmed cases of actual misuse of the leaked information. They are committed to maintaining robust security measures and continuously monitoring their systems to protect customer data.
As the digital landscape evolves, incidents like this underscore the importance of cybersecurity in safeguarding personal information. Customers are encouraged to take advantage of the free USIM protection service offered by SK Telecom and remain vigilant against potential threats.
