A timeline of South Korean telco giant SKT’s data breach

In April, Telco Giant Sk Telecom (SKT) in South Korea was subjected to an electronic attack that stealing personal data on nearly 23 million customers, equivalent to half of the 52 million population of the country.

At a hearing at the National Assembly of Seoul on Thursday, CEO of SKT Young-Sang Ryu said about 250,000 users turned into a different communication provider after data breach. He said that he expected this number to reach 2.5 million, or more than ten times the current amount, if the company waives the cancellation fees.

Rio said in the hearing that the company could lose up to $ 5 billion (about 7 trillion June) over the next three years if it decides not to impose cancellation fees for users who want to cancel their contract early.

A SKT spokesman told Techcrunch in an email statement: “The number of affected customers and the entity responsible for piracy is under investigation,” the spokesman added.

A joint investigation is currently being conducted that includes both public and private entities to determine the caused by the accident.

The PIPC in South Korea announced on Thursday that 25 different types of personal information, including mobile phone numbers and unique identifiers (IMSI numbers), as well as USIM authentication keys and other USIM data, have been confirmed from its central database, known as the subscriber servant at home. Data at risk can endanger the risk of SIM and government monitoring.

After its official announcement of the accident on April 22, SKT provides protection of a SIM card and replacing the free SIM card to prevent further damage to its customers.

“We have discovered the leakage of potential information regarding SIM on April 19,” SKT spokesman told Techcrunch. “After identifying the violation, we immediately removed the affected device during the comprehensive investigation of the entire system.”

“For more protection of our customers, we are currently developing a system that can protect user information through a SIM protection service while allowing them to use roaming services smoothly outside Korea by May 14,” the spokesman said.

So far, SKT has not received any reports of secondary damage and there are no counterparts that have been checked by customer information that is distributed or abused on the dark web or other platforms, according to the company Techcrunch.

Skat schedule to violate SKT data

April 18, 2025

SKT discovered abnormal activities on April 18 at 11:20 pm local time. SKT has found unusual records and signs of files deleted on the equipment that the company uses to monitor and manage bills information for its customers, including the use of data and communication periods.

April 19, 2025

The company defined a violation of data on April 19 in the servant of the home subscribers in Seoul, which usually includes subscriber information, including ratification, authorization, location and transportation details.

April 20, 2025

SKT reported the cyber security attack in Korea.

April 22, 2025

SKT confirmed on its website that it had discovered a suspicious activity, indicating a “possible” data breach that includes some information related to Usims user data.

April 28, 2025

SKT has started replacing SIM cards for 23 million users, but the company has faced sufficient USM cards to meet its promise to provide free SIM card alternatives.

April 30, 2025

South Korea police began investigating the suspected electronic attack on SKT on April 18.

May 1, 2025

According to local media reports, many South Korean companies, including SKT, Ivanti VPN, use the last data breach to be connected to the infiltrators supported by China.

For each local media report, SKT said it had received a notice of cybersecurity from KISA by directing the company to turn off and replace Ivanti VPN.

TEAMT5, a cybersecurity company based in Taiwan, alerted the public to the global threats posed by the government -backed group linked to China, which has been alleged to have benefited from the weaknesses of the IVANTI safe VPN to reach multiple organizations in the world.

About 20 industries were affected, including cars, chemical institutions, financial institutions, law firms, media, research institutes, and communications, across 12 countries, including Australia, South Korea, Taiwan and the United States.

May 6, 2025

A team of public and private investigators discovered eight additional types of harmful programs in the Piracy case in SKT. The team is currently looking for whether the new malware is installed on the servant of subscribers at the same house as the original four breeds or if it is on separate server equipment.

May 7, 2025

TAE-Won Chey, SK Group president, who runs SKT, has publicly apologized for the first time for data breach, about three weeks after the breach occurred.

As of May 7, all qualified users for the SIM protection service were registered, with the exception of those who live abroad using roaming services and suspended them temporarily, the Techcrunch spokesman, adding that the fraud detection system has already been prepared for all customers to prevent unauthorized entry attempts using cloned SIM cards.

May 8, 2028

SKT currently evaluates how to handle cancellation fees for users affected by a data breach accident. About 250,000 users moved to another communications provider after the violation, according to the president of the company’s executive in a hearing in the National Assembly.

Meanwhile, the South Korean authorities announced that 25 types of personal information were leaked from the company’s databases during the electronic attack.