Many of SK Telecom subscribers could be jeopardized due to USIM data exposure

AndyC 24 April 2025

Millions of SK Telecom customers are under potential threat due to USIM data breach

Millions of SK Telecom customers are potentially at risk following USIM data compromise

Millions of SK Telecom customers are under potential threat due to USIM data breach

Pierluigi Paganini
April 22, 2025

SK Telecom cautioned about unauthorized access by perpetrators to customer USIM data via a malware intrusion.

SK Telecom acts as the largest cellular provider in South Korea and plays a significant role in the mobile and technological sector of the nation.

With a market share of approximately 48% in mobile services, approximately 34 million subscribers rely on their network. The corporation provides mobile services, 5D innovation, artificial intelligence advancements, IoT solutions, cloud computing, and smart urban infrastructure.

It operates under the SK Group, a massive conglomerate in South Korea that is active in sectors such as energy, semiconductors, chemicals, and more.

Following a malware breach, SK Telecom confirmed the infiltration of customer USIM data by malicious actors. The Universal Subscriber Identity Module (USIM) is a secure smart card utilized in mobile gadgets to store vital subscriber details, including the International Mobile Subscriber Identity (IMSI) and cryptographic codes.

The telecommunications giant identified an intrusion into its systems at 11 PM on Saturday, April 19, 2025. After detecting the breach, the organization swiftly notified the Korea Internet & Security Agency (KISA) on Sunday, April 20. They immediately disinfected the impacted systems, isolated the suspected hacking apparatus, and as of now, no instances of data misuse have been confirmed.

SK Telecom announced the implementation of enhanced defensive measures to prevent unauthorized SIM card modifications and irregular authentication attempts.

Furthermore, they extended a complimentary subscription of the ‘SIM protection service’ to affected customers.

“On April 19, 2025, around 11:00 PM, SK Telecom identified a potential leakage of SIM-related customer information due to malware,” as outlined in the data breach alert disclosed by the company. “After acknowledging the breach, SK Telecom immediately eliminated the malware, isolated the suspected hacking apparatus, and as of now, no actual abuses of the data have been confirmed. However, to safeguard our customers, we are executing the outlined countermeasures.”

Investigations are underway to identify the root of the security breach, evaluate the scale of the incident, and ascertain the extent of leaked data. Additionally, the South Korean provider reported the incident to the Personal Information Protection Commission on Tuesday, April 22, at 10:00 AM.

Individuals desiring additional security precautions could enroll in the SIM protection service.

Follow me on Twitter: @securityaffairs, Facebook, and Mastodon.

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , , , , , , , , , , , , , ,

More Stories

CLOP targets Gladinet CentreStack servers in large-scale extortion campaign

CLOP targets Gladinet CentreStack servers in large-scale extortion campaign

AndyC 20 December 2025
ASRock, ASUS, GIGABYTE, MSI Boards vulnerable to pre-boot memory attacks

ASRock, ASUS, GIGABYTE, MSI Boards vulnerable to pre-boot memory attacks

AndyC 20 December 2025
China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager

China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager

AndyC 20 December 2025
Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

AndyC 19 December 2025
DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists

DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists

AndyC 19 December 2025
U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog

AndyC 19 December 2025

You may have missed

Amazon Warns Perncious Fake North Korea IT Worker Threat Has Become Widespread

Randall Munroe’s XKCD ‘Fifteen Years’

AndyC 20 December 2025
Why AppSec Can’t Keep Up With AI-Generated Code

Google Shutting Down Dark Web Report Met with Mixed Reactions

AndyC 20 December 2025
Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware

Cracked Software and YouTube Videos Spread CountLoader and GachiLoader Malware

AndyC 20 December 2025
Containing the Inevitable: What Cyber Leaders Must Prepare for in 2026

Containing the Inevitable: What Cyber Leaders Must Prepare for in 2026

AndyC 20 December 2025
Containing the Inevitable: What Cyber Leaders Must Prepare for in 2026

Containing the Inevitable: What Cyber Leaders Must Prepare for in 2026

AndyC 20 December 2025

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.