SK Telecom Reports Three-Year Malware Breach Affecting 27 Million Accounts

SK Telecom has reported a significant cybersecurity incident that originated in June 2022 and was disclosed in April 2025. This breach compromised the sensitive USIM data of approximately 27 million subscribers, placing them at risk.

SK Telecom, South Korea’s largest mobile network operator, detected malware on its network on April 19, 2025, and immediately isolated the affected equipment. The unauthorized access allowed attackers to extract critical information, including IMSI numbers, USIM authentication keys, network usage metrics, and SMS messages and contacts stored on the SIM.

In light of the increased threat posed by potential SIM-swapping attacks, SK Telecom has initiated a comprehensive response plan. This includes issuing new SIM cards to all affected subscribers and enhancing security protocols to prevent unauthorized porting of numbers.

A government investigation revealed that the malware had compromised 25 distinct types of data. In the aftermath of the breach, SK Telecom announced a halt to new subscriber registrations as it worked to address the implications of the incident.

Recent updates indicate that 26.95 million customers will soon be notified of their exposure to the malware. Investigators discovered 25 different malware variants across 23 compromised servers, underscoring the breach’s extensive nature. Initial findings traced the infection back to June 15, 2022, suggesting that the malicious activity persisted undetected for nearly three years.

While the investigation indicated that 15 of the infected servers contained personal customer data, including 291,831 IMEI numbers, SK Telecom has refuted this claim in its communications. Furthermore, monitoring of the impacted servers began only on December 3, 2024, so any data exfiltration prior to that date may not have been recorded.

In response to this situation, SK Telecom continues to provide support for its customers through SIM card replacements and has implemented automatic security measures to safeguard user accounts. The company remains committed to preventing unauthorized changes to USIM and devices, asserting that any potential damages will be fully addressed.

This incident demonstrates the need for rigorous cybersecurity practices, particularly within critical sectors such as telecommunications, to protect customer data and maintain trust.