- SK Telecom suffered a data violation that was discovered in April 2025
- Affected approximately 27 million people
- The company was fined for it and will need to make significant changes in its operations.
SK Telecom (SKT), one of the largest providers of telecommunications services in South Korea, received a fine of almost $ 100 million for not protecting user data.
In April 2025, the company discovered a violation of malware that allowed threat actors to stalk within their systems for years. Some researchers even claim that the attack began in August 2021.
The criminals went to the SKT Home Subscriber Subscriber Server (HSS) and another critical infrastructure, exposing data from confidential subscribers, including Usim’s authentication keys (Ki), international mobile subscriber identity numbers (IMSI), IMEI device identifiers, phone numbers, email addresses and possibly other personal data.
“Very weak condition”
Approximately 27 million people were affected by rape.
Now, PakGazette reports that the Personal Information Protection Commission directed by the Government issued a statement, confirming the fine of approximately 134 billion Won ($ 96.53 million) for “neglecting its duty to take security measures” and for “delays in the notification of the escape to customers.”
The statement also states that SKT systems were in a “very weak condition” that allowed threat actors to access the company’s intranet. There were no passwords or other security measures, defending the servers of external influence, and the operating systems were outdated and working without the last security patches.
In addition to being forced to pay the fine, the company will also have to “strengthen security rules on information protection” and renew its government.
Responding to a PakGazette consultation, SK Telecom said that “he felt a serious responsibility” and will protect customer information is a “maximum priority.”
In response, it launched a “Information Security Innovation Plan”, which includes the implementation of zero trust architecture, expanding the encryption, forming a red equipment, raising the role of Ciso to directly inform the CEO and add experts in cybersecurity to the Board.
Customers received free Usim card replacements and were offered a 50% discount on August subscription rates. In addition, who would like to cancel his contract prematurely was allowed to do it without additional rates.
Through PakGazette
