HQ/EMEAFind out how we can help your business
SK Telecom, South Korea’s largest mobile network operator, has warned its customers of a potential breach involving sensitive USIM data following a recent malware attack.
The incident occurred on Saturday, 19 April 2025, at around 11 PM local time, during the weekend when most organisations operate with limited staff. The company detected the malware and acted swiftly to remove it and isolate the affected systems to prevent further compromise.
Holding nearly half of South Korea’s mobile service market, SK Telecom serves around 34 million subscribers. The exposed USIM data includes critical details like International Mobile Subscriber Identity (IMSI), Mobile Station ISDN Number (MSISDN), authentication keys, network usage data, and potentially SMS messages or contacts stored on the SIM. While no misuse of the data has been confirmed, the nature of the information poses serious concerns, particularly for risks such as SIM-swap attacks, targeted surveillance, and location tracking.
Despite the lack of evidence showing that the USIM data has been used maliciously, SK Telecom is treating the incident with high seriousness.
SK Telecom reported the incident to the Korea Internet & Security Agency (KISA) the following day and informed the Personal Information Protection Commission shortly after. Though the exact scale and source of the breach remain unknown, investigations are actively ongoing.
In response to the threat, the mobile operator has implemented several protective measures. These include strengthening restrictions around USIM swaps, closely monitoring for unusual authentication attempts, and automatically suspending services for accounts flagged for suspicious activity. Customers are also strongly encouraged to register for the company’s USIM protection service. This added layer of security prevents mobile numbers from being transferred to another SIM card without proper verification, reducing the chances of fraud.
No threat actors have come forward to claim responsibility for the breach, leaving open questions about who is behind the attack and what their motives might be.
The compromise of USIM data highlights the growing importance of digital privacy and the vulnerabilities that can be exploited through sophisticated cyberattacks. SK Telecom’s quick response has helped contain the immediate damage, but the situation continues to develop as authorities and cybersecurity teams work to determine the full impact.
