A timeline of South Korean telco giant SKT’s data breach


In April, South Korea’s telco giant SK Telecom (SKT) was hit by a cyberattack that led to the theft of personal data on roughly 23 million customers, equivalent to nearly half of the country’s 52 million citizens.

At a National Assembly hearing in Seoul on Thursday, SKT chief executive Young-sang Ryu said about 250,000 users have switched to another telecom provider following the data breach. He said he expects this number to reach 2.5 million, more than tenfold the current amount, if the company waives cancellation fees.

The company could lose up to $5 billion (around ₩7 trillion) over the next 3 years if it decides not to charge cancellation fees for users who want to cancel their contract early, Ryu said at the hearing.

“SK Telecom considers this incident the most severe security breach in the company’s history and is putting forth our utmost effort to minimize any damage to our customers,” a spokesperson at SKT told TechCrunch in an emailed statement. “The number of customers affected and the entity responsible for the hacking is under investigation,” the spokesperson added.

A joint investigation involving both public and private entities is currently underway to identify the specific cause of the incident.

The Personal Information Protection Committee (PIPC) of South Korea announced on Thursday that 25 different types of personal information, including mobile phone numbers and unique identifiers (IMSI numbers), as well as USIM authentication keys and other USIM data, had been exfiltrated from SKT’s central database, known as its home subscriber server. The compromised data can put customers at greater risk of SIM swapping attacks and government surveillance.

After its official announcement of the incident on April 22, SKT has been offering SIM card protection and free SIM card replacements to prevent further damage to its customers.

“We detected possible data leakage related to SIM on April 19,” the spokesperson at SKT told TechCrunch. “Following the identification of the breach, we immediately isolated the affected device while thoroughly investigating the entire system.”

“To further safeguard our customers, we’re currently developing a system that can protect users’ information through the SIM protection service while allowing them to use roaming services seamlessly outside of Korea by May 14,” the spokesperson said.

To date, SKT has not received any reports of secondary damage and no verified instances of customer information being distributed or misused on the dark web or other platforms, the company told TechCrunch.

A timeline of SKT’s data breach

April 18, 2025

SKT detected abnormal activities on April 18 at 11:20 p.m. local time. SKT found unusual logs and signs of files having been deleted on equipment that the company uses for monitoring and managing billing information for its customers, including data usage and call durations.

April 19, 2025

The company identified a data breach on April 19 in its home subscriber server in Seoul, which typically houses subscriber information, including authentication, authorization, location, and mobility details.

April 20, 2025

SKT reported the cyberattack incident to Korea’s cybersecurity agency.

April 22, 2025

SKT confirmed on its website that it detected suspicious activity, indicating a “possible” data breach involving some information related to users’ USIM data.

April 28, 2025

SKT began replacing mobile SIM cards of 23 million users, but the company has faced shortages in obtaining enough USIM cards to fulfill its promise to provide free SIM card replacements.

April 30, 2025

South Korean police began investigating SKT’s suspected cyberattack on April 18.

May 1, 2025

According to local media reports, many South Korean companies, including SKT, use Ivanti VPN equipment, and the recent data breach may be connected to China-backed hackers.

According to a local media report, SKT said it received a cybersecurity notice from KISA instructing the company to turn off and replace the Ivanti VPN.

TeamT5, a cybersecurity company based in Taiwan, alerted the public to the worldwide threats posed by a government-backed group linked to China, which allegedly took advantage of vulnerabilities in Ivanti’s Connect Secure VPN systems to gain access to multiple organizations globally.

Some 20 industries were affected, including automotive, chemical, financial institutions, law firms, media, research institutes, and telecommunications, across 12 countries, including Australia, South Korea, Taiwan, and the United States.

May 6, 2025

A team of public and private investigators found an additional eight types of malware in SKT’s hacking case. The team is currently investigating whether the new malware was installed on the same home subscriber server as the original four strains or if they’re located on separate server equipment.

May 7, 2025

Tae-won Chey, the chairman of SK Group, which operates SKT, publicly apologized for the first time for the data breach, some three weeks after the breach occurred.

As of May 7, all eligible users have been signed up for the SIM protection service, except those living abroad using roaming services and those temporarily suspended, the spokesperson told TechCrunch, adding that its fraud detection system has already been set up for all customers to prevent unauthorized login attempts using cloned SIM cards.

May 8, 2025

SKT is currently assessing how to handle the cancellation fees for users affected by the data breach incident. About 250,000 users have switched to another telecom provider following the breach, according to the company’s chief executive at a National Assembly hearing.

South Korean authorities, meanwhile, announced that 25 types of personal information were leaked from the company’s databases during the cyberattack.


