SK Telecom Breach Exposes 26.9m IMSI Records

A sophisticated cyberattack targeting SK Telecom has raised urgent concerns over telecom network security, data protection and national digital infrastructure. The breach, which went undetected for nearly two years, exposed critical USIM-related data and personal information linked to tens of millions of subscribers.
Malware compromise reveals long-term vulnerability
South Korea’s largest telecom operator confirmed that 23 of its servers were infected with malware as far back as June 2022. Investigators estimate 9.32GB of USIM-related data may have been compromised, including approximately 26.9 million International Mobile Subscriber Identity (IMSI) numbers, used globally to identify mobile network users.
In a briefing, SK Telecom acknowledged that the malware persisted until its discovery in April 2025. Two of the affected servers stored personal subscriber information such as names, birth dates, phone numbers and email addresses. While recent firewall logs show no confirmed outbound data transfers, the absence of records before December 2024 has prevented investigators from determining the full extent of the breach.
Mitigation measures and subscriber protections
SK Telecom launched a nationwide SIM replacement programme for all 25 million subscribers. Additionally, it rolled out an enhanced fraud detection system, FDS 2.0, which deploys triple-factor authentication to prevent both SIM and device cloning.
“All subscriber accounts have now been automatically enrolled in our SIM protection service.
“The service ensures network-level defence through three-layer verification—validating the subscriber, the SIM and the connected device.”
SK Telecom has paused new subscriber sign-ups temporarily and pledged to cover any financial damages from the breach. So far, it has reported no confirmed incidents of terminal cloning or subscriber fraud.
International cooperation to tackle cross-border cyber threats
The breach has catalysed international dialogue on securing critical telecom infrastructure. In May, South Korea’s Minister of Science and ICT, Yoo Sang-im, met with senior US officials to discuss coordinated cybersecurity strategies.
During talks with FCC Commissioner Brendan Carr, both parties cited the SK Telecom breach and Chinese-linked cyber operations, such as the Volt Typhoon group, as clear signs of escalating telecom-specific threats. The discussions further focused on harmonising cybersecurity certification standards across markets.
“We are now working to reduce duplication in IoT security certification and align technical benchmarks that affect telecom operators in both countries,” Yoo confirmed following his visit.
National security and telco resilience in the spotlight
SK Group chairman Chey Tae-won publicly apologised in early May, describing the breach as “a matter of national defence.” His comments highlight growing concerns among global operators about how cyberattacks can compromise subscriber data and broader national digital ecosystems.
The malware believed to be responsible, BPFdoor, has been previously associated with China-based hacking collectives such as Red Menshen. Similar malware tactics were deployed in attacks on US telecom networks in late 2024. No entity has yet claimed responsibility for the SK Telecom breach.
Toward greater network sovereignty and cyber preparedness
For the telecoms sector, the incident has reignited debate over localised security protocols and the importance of network sovereignty. Analysts say the SK Telecom attack is a wake-up call for operators globally.
“Telecom providers handle infrastructure critical to both commerce and national security.
“The lessons here are clear: malware can go undetected for years and robust detection and response systems must now be non-negotiable.”
SK Telecom’s commitment to full responsibility and preventative action may offer a framework for peer operators seeking to strengthen cyber resilience. However, the breach raises broader questions about cross-border coordination, supply chain risks and emerging geopolitical challenges in digital communications.
As nations deepen their investment in 5G and quantum infrastructure, the SK Telecom breach serves as a timely but stark reminder that cybersecurity must evolve with innovation.

