
SK Telecom has been leading the growth of the mobile industry since 1984. Now, we are taking customer experience to new heights by extending beyond connectivity. By placing AI at the core of its business, we are rapidly transforming into an AI company. We are focusing on driving innovations in areas of telecommunications, media, AI, metaverse, cloud and connected intelligence to deliver greater value for both individuals and enterprises. Our News: https://www.sktelecom.com/en/press/press.do e-Brochure: www.sktelecom.com/en/brochure

SK Telecom A.I CyberSecurity Scoring

SK Telecom

Company Details

LinkedIn ID: sk-telecom
Number of employees: 7,230
Number of followers: 47,947
NAICS: 517
Industry Type: Telecommunications
Homepage: sktelecom.com
IP Addresses: 0
Company ID: SK _4733172
Scan Status: In-progress

SK Telecom Risk Score (AI oriented)

Between 0 and 549

  • Powered by our proprietary A.I cyber incident model
  • Insurers prefer the TPRM score when calculating premiums
SK Telecom Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

SK Telecom Company CyberSecurity News & History

Past Incidents: 12
Attack Types: 2

SK Telecom (SKT)
Breach
Severity: 85
Impact: 4
Seen: 11/2025
Rankiteo Explanation: Attack with significant impact, including customer data leaks

Description: SK Telecom (SKT), a major South Korean telecom provider, faced a **data breach** affecting **3,998 subscribers**, whose personal information was compromised. The **Personal Information Dispute Mediation Committee** proposed compensating each victim with **300,000 won (~$200)**, but SKT rejected the settlement, citing its existing **proactive compensation measures** and efforts to prevent recurrence. The rejection forces affected subscribers to pursue legal action for damages. The breach exposed customer data, damaging trust and potentially leading to financial or reputational harm. SKT emphasized its commitment to regaining customer confidence and mitigating further risks, though the incident highlights vulnerabilities in its data protection framework. The dispute remains unresolved, with victims left to seek redress through courts.

SK Telecom
Breach
Severity: 100
Impact: 5
Seen: 4/2025
Rankiteo Explanation: Attack threatening the organization's existence

Description: SK Telecom, South Korea’s largest telecom operator, faced a high-profile cyber incident in April where an international hacking group, **Scattered Lapsus$**, claimed to have stolen **personal data of 27 million users** (including IDs, full names, phone numbers, emails, addresses, and birthdates). The group demanded $10,000 for a 100GB sample and threatened to leak the full dataset along with admin access if negotiations failed. While SK Telecom denied the breach—asserting the sample data and FTP screenshots were fabricated—the **Ministry of Science and ICT launched an investigation**, demanding transparency. The incident eroded consumer trust, causing SK Telecom’s **market share to drop below 40% for the first time in a decade**, with users switching carriers amid fears of data misuse. The prolonged scrutiny and reputational damage highlight systemic vulnerabilities in telecom security, compounded by the group’s persistent threats and public distrust in the company’s response.

SK Telecom (SKT)
Breach
Severity: 100
Impact: 5
Seen: 8/2021
Rankiteo Explanation: Attack threatening the organization's existence

Description: SK Telecom (SKT), a major South Korean telecommunications provider, suffered a **malware breach** discovered in **April 2025**, exposing sensitive data of **27 million subscribers** for years (potentially since **August 2021**). Threat actors infiltrated critical infrastructure, including the **Home Subscriber Server (HSS)**, compromising **USIM authentication keys (KI), IMSI numbers, IMEI identifiers, phone numbers, email addresses, and other personal data**. The breach resulted from **negligent security practices**, including **unprotected servers (no passwords), outdated OS without patches, and weak intranet defenses**. The **Personal Information Protection Commission fined SKT ~$96.53 million** for failing to safeguard data and delaying customer notifications. SKT was forced to **overhaul governance, adopt zero-trust architecture, expand encryption, form a red team, and elevate its CISO role**. Customers received **free USIM replacements, subscription discounts, and penalty-free contract cancellations**. The incident severely damaged SKT’s **reputation, financial standing, and operational trust**, necessitating systemic reforms to prevent future breaches.

SK Telecom
Breach
Severity: 100
Impact: 5
Seen: 6/2000
Rankiteo Explanation: Attack threatening the organization's existence

Description: SK Telecom, South Korea’s largest mobile carrier, suffered a **massive data breach** in 2024, traced back to a 2022 infiltration where attackers used **25 undetected malware strains** for nearly three years. The breach exposed **personal data of 27 million customers**, including **subscriber identity numbers, authentication keys, network logs, and SIM-stored messages**. The financial fallout was severe: **operating profit plummeted 90% (from 493B won to 48.4B won)**, sales dropped **12.2%**, and the company **suspended dividends** for the first time since 2000. Regulatory penalties included a **record 134B won ($96.5M) fine**, while recovery efforts cost **500B won ($349M)** in customer compensation (discounts, free data, voucher packages, and waived termination fees). The breach also triggered a **two-month freeze on new subscriptions**, accelerating customer churn. The attack forced a **complete cybersecurity overhaul**, SIM card replacements for millions, and long-term reputational damage, with the CFO framing it as a **‘crisis-to-opportunity’ pivot** to restore trust.

SK Telecom
Breach
Severity: 100
Impact: 5
Seen: 10/2025
Rankiteo Explanation: Attack threatening the organization’s existence

Description: SK Telecom, South Korea’s largest telecom operator, suffered a **massive data breach** leading to severe regulatory and financial repercussions. The **Personal Information Protection Commission (PIPC)** imposed a **record fine of 134.8 billion won (~$91.4 million)** for violations of data privacy laws. The breach exposed **sensitive customer data**, triggering a prolonged investigation and enforcement action. The company received the formal sanction in late October 2025, initiating a **90-day review period** with an appeal deadline in **late January 2026**. SK Telecom is reportedly **leaning toward appealing** the decision, but the incident has already inflicted **significant reputational damage**, operational disruptions, and potential long-term trust erosion among customers. The breach underscores systemic vulnerabilities in handling **personal and financial information**, with implications for compliance, governance, and cybersecurity resilience in the telecom sector.

SK Telecom
Breach
Severity: 100
Impact: 5
Seen: 10/2025
Rankiteo Explanation: Attack threatening the organization’s existence

Description: SK Telecom, a leading South Korean telecom provider, suffered a catastrophic data breach exposing the personal information of over **23 million users**, triggering severe financial and operational repercussions. The incident led to a **90.9% plunge in operating profit** and a **12.2% revenue decline** in Q3, alongside a **record privacy fine** imposed by regulators. The breach’s fallout extended to corporate governance, forcing a **leadership overhaul**—including the appointment of **Jeong Jae-heon**, the company’s first CEO with a legal background, as part of crisis management efforts. The exposed data scale and regulatory penalties underscore systemic vulnerabilities in the company’s cybersecurity framework, eroding stakeholder trust and prompting urgent structural reforms to mitigate long-term reputational and financial damage.

SK Telecom
Breach
Severity: 100
Impact: 5
Seen: 10/2025
Rankiteo Explanation: Attack threatening the organization's existence

Description: SK Telecom faced a catastrophic **USIM (Universal Subscriber Identity Module) data breach** affecting **27 million users**, leading to its first projected quarterly loss since earnings reporting began. The incident triggered a **1 trillion won (~$705M) compensation program**, including 50% mobile rate discounts, extra data, and expanded partnerships, alongside a **134.8 billion won regulatory fine**—the largest-ever penalty by South Korea’s Personal Information Protection Commission—for negligence and delayed user notifications. The breach caused mass **customer defection** to competitors (e.g., KT gained 280,000 subscribers), while SK Telecom’s Q3 operating profit plummeted **91.8% year-on-year** to 43.7 billion won, with a consolidated operating loss of **27.4 billion won**. The financial and reputational damage extended to weakened Q4 outlook, compounded by regulatory scrutiny and eroded trust in data security.

South Korean Maritime and Telecommunications Sector (Fishing Vessels & Cell Networks)
Cyber Attack
Severity: 100
Impact: 8
Seen: 6/2010
Rankiteo Explanation: Attack that could lead to a war

Description: In March 2016, North Korea executed a **GPS jamming attack** targeting vessels in the demilitarized zone (DMZ) between North and South Korea, originating from five regions: Haeju, Yonan, Pyongyang, Kumgang, and Kaesong. The attack disrupted navigation systems of **nearly 700 fishing vessels**, endangering maritime safety and operations. Additionally, the jamming interfered with **cell phone base stations**, disrupting telecommunications infrastructure. This was the **fourth such campaign since 2010**, part of North Korea’s broader strategy of electronic warfare and provocation amid escalating tensions over nuclear and missile tests. South Korea issued a formal warning on **April 1**, threatening retaliatory action if the attacks persisted. The incident highlighted vulnerabilities in critical navigation and communication systems, with potential cascading effects on regional security and economic stability. While no direct casualties were reported, the attack posed risks to maritime trade, emergency response coordination, and civilian infrastructure, reinforcing concerns over North Korea’s cyber and electronic warfare capabilities.

SK Telecom
Cyber Attack
Severity: 100
Impact: 4
Seen: 6/2022
Rankiteo Explanation: Attack with significant impact, including customer data leaks

Description: SK Telecom, the largest mobile network operator in South Korea, experienced a cybersecurity incident that started in June 2022 and was detected in April 2025. The breach exposed the USIM data of 27 million subscribers, including IMSI, USIM authentication keys, network usage data, and SMS/contacts stored in the SIM. The incident increased the risk of SIM-swapping attacks, leading the company to issue SIM replacements and enhance security measures. The breach compromised 25 data types and 23 servers, with 15 servers containing personal customer information, including 291,831 IMEI numbers. The company halted new subscriptions temporarily to manage the fallout.

SK Telecom Co.
Cyber Attack
Severity: 100
Impact: 6
Seen: 6/2022
Rankiteo Explanation: Attack threatening the economy of a geographical region

Description: SK Telecom, South Korea’s largest mobile operator, suffered a major cyberattack disclosed in April 2024, compromising the personal data of approximately **half the nation’s population**. The breach exposed **call data records (CDRs)**, enabling potential reconstruction of sensitive communications, including those involving high-level government officials. The **Personal Information Protection Commission (PIPC)** fined the company **134.8 billion won ($97 million)** for negligence in data protection, delayed breach reporting, and prolonged security lapses dating back to 2022. Investigations revealed systemic vulnerabilities, with regulators criticizing the company’s failure to address known weaknesses despite repeated opportunities. The attack raised **national security concerns**, as lawmakers warned that exposed call logs could endanger government communications and intelligence operations—mirroring incidents like China-linked hackers (Salt Typhoon) breaching U.S. telecoms (e.g., AT&T) to monitor senior officials. Public outrage in South Korea initially focused on **ransomware and financial risks**, but the broader implications included **potential espionage, intelligence leaks, and threats to critical infrastructure**. The government responded by proposing a **National Cybersecurity Act** to unify emergency responses and improve threat intelligence sharing. SK Telecom acknowledged the failings and pledged to prioritize data protection, though regulators mandated reforms, including waiving penalties for customers leaving the network.

SK Telecom
Cyber Attack
Severity: 100
Impact: 5
Seen: 4/2025
Rankiteo Explanation: Attack threatening the organization's existence

Description: In April 2025, SK Telecom, one of South Korea’s largest telecom providers, suffered a significant cyber intrusion where hackers infiltrated its network and exfiltrated over **10 gigabytes of SIM card data**. The breach was confirmed by South Korea’s **Ministry of Science and Information and Communication Technology (MSIT)** in July, following an investigation that inspected **42,000 servers**, uncovering **28 infected with advanced hacking tools**. The stolen data—likely containing **customer identity and authentication details**—poses severe risks, including **unauthorized SIM swaps, financial fraud, and identity theft**, particularly for **U.S. military personnel, Defense Department employees, and their families** who rely on SK Telecom’s services at bases like **Osan Air Base and Camp Humphreys**. The breach also raised allegations of an **international hacking organization selling the stolen data online**, amplifying concerns over **large-scale privacy violations and potential state-sponsored cyber espionage**. While SK Telecom operates kiosks on U.S. military installations, **U.S. Forces Korea issued an advisory only for this incident**, not the subsequent breaches at KT Corp. and LG Uplus. The MSIT emphasized the need for **transparency and swift action** due to rising public anxiety over recurrent telecom cyberattacks, though specific financial or operational damages remain undisclosed.

SK Telecom
Cyber Attack
Severity: 100
Impact: 5
Seen: 4/2025
Rankiteo Explanation: Attack threatening the organization's existence

Description: SK Telecom, South Korea’s largest telecom operator, suffered a **massive cyberattack in April 2025**, resulting in the theft of **personal data from ~23 million customers**—nearly **half the country’s population**. The breach exposed sensitive information, including names, contact details, and potentially financial records. The aftermath extended into May, forcing the company to issue **new SIM cards to millions of affected users** to mitigate risks like SIM-swapping fraud and identity theft. The attack highlighted systemic vulnerabilities in South Korea’s cybersecurity infrastructure, with regulators and government agencies struggling to coordinate a unified response. The incident severely damaged SK Telecom’s reputation, eroded customer trust, and raised concerns over the **national security implications** of such large-scale data exposures, particularly given the involvement of state-backed threat actors in the region.


Underwriter Stats for SK Telecom

Incidents vs Telecommunications Industry Average (This Year)

SK Telecom has 1086.44% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

SK Telecom has 976.92% more incidents than the average of all companies with at least one recorded incident.

Incident Types SK Telecom vs Telecommunications Industry Avg (This Year)

SK Telecom reported 7 incidents this year: 2 cyber attacks, 0 ransomware, 0 vulnerabilities, 5 data breaches, compared to industry peers with at least 1 incident.

Incident History — SK Telecom (X = Date, Y = Severity)

SK Telecom cyber incidents detection timeline including parent company and subsidiaries


SK Telecom Similar Companies

PT. Indosat Tbk

Indosat Ooredoo Hutchison (IDX: ISAT) ("IOH"), are here with our vision to become the most preferred digital telecommunications company of Indonesia. The IOH merger combines two highly complementary businesses between PT Indosat Tbk (“Indosat Ooredoo”) and PT Hutchison 3 Indonesia to create a new wo

Telecom Egypt

Since its establishment in 1854, Telecom Egypt has played a pivotal role in driving growth within the local ICT market capitalizing on its vast infrastructure, which is one of the largest in the region. Its vast domestic and international infrastructure has helped it serve various customer groups in

Cox Communications

Cox Communications is committed to creating more moments of real human connection. We bring people closer to family and friends through technology that’s inspired by a culture that puts people first, and we’re always working to improve life in the communities we serve. Our world-class broadband appl

Globe Telecom

Globe is a leading full-service telecommunications company in the Philippines and publicly listed in the PSE with the stock symbol GLO. The company serves the telecommunications and technology needs of consumers and businesses across an entire suite of products and services including mobile, fixed,

Zain Group

Zain Group is a leading provider of innovative ICT technologies & digital lifestyle communications operating in 8 markets across the Middle East & Africa, serving 50.9 million active customers as of 30 June 2025. Zain provides mobile voice, data and B2B services in: Kuwait, Bahrain, Iraq, Jordan, Sa

Totalplay

We are a proudly Mexican company, a leader in technology, telecommunications and entertainment. We are always at the forefront, with the aim of bringing our customers the best in connectivity, whether so that they can be close to those they love most or achieve professional success

Claro Brasil

Nice to meet you, we are Claro! Here, we have a great team that makes everything happen! It is through the effort and dedication of each of our People that we are today a benchmark in what we do, working together on our purpose, which is “Connecting for a more fun and productive life”. We bring together all the technologies

Ooredoo Group

We are an award-winning international communications company operating across the Middle East, North Africa and Southeast Asia. Serving consumers and businesses in 10 countries, we deliver a leading data experience through a broad range of content and services via our advanced, data-centric mob

Founded in 1975, Telemont Engenharia de Telecomunicações S/A is a leader in providing deployment, maintenance and operation services for telecommunications networks. The company operates 7.7 million voice accesses, 3 million ADSL and data accesses, and 63 thousand km of optical fiber. Through Telemont I


SK Telecom CyberSecurity News

November 05, 2025 08:00 AM
Hackers targeting Cisco IOS XE devices with BadCandy implant

Security researchers and Australian authorities warn that exploitation activity is ongoing.

November 03, 2025 08:00 AM
Data breach costs lead to 90% drop in operating profit at South Korean telecom giant

SK Telecom said the sharp decline stemmed from compensation and recovery costs following a large-scale cyberattack disclosed in April that...

October 30, 2025 07:00 AM
Cybersecurity News: LG Uplus confirms breach, Conduent attack impacts 10M+, hackers exploit tools against Ukraine

LG Uplus, one of South Korea's largest telecoms, reported a suspected data breach to the country's cybersecurity agency KISA, joining SK...

October 30, 2025 07:00 AM
LG Uplus Reports Suspected Data Breach Amid Growing Cybersecurity Concerns in South Korea

LG Uplus, one of South Korea's largest telecommunications providers, has confirmed to TechCrunch that it has reported a suspected data...

October 29, 2025 07:00 AM
LG Uplus Becomes The Latest South Korean Telecom Giant to Confirm a Cybersecurity Breach

LG Uplus has confirmed a cybersecurity breach, joining SK Telecom and KT in South Korea's ongoing wave of telecom hacks.

October 29, 2025 07:00 AM
LG Uplus Confirms Suspected Data Breach in South Korea Telecom Cyberattack

LG Uplus, one of South Korea's leading telecom operators, confirmed to the national cyber security regulator KISA a suspicion of a data...

October 24, 2025 07:00 AM
LG Uplus joins SK telecom, KT to report hacking incident

South Korea's mobile carrier LG Uplus Corp. said its servers came under attack from unidentified hackers, becoming the third major South...

October 23, 2025 07:00 AM
LG Uplus reports cyberattack on servers following similar breaches at SK Telecom, KT

LG Uplus Corp., a major mobile carrier in South Korea, reported a cyberattack on its servers to authorities Thursday, industry sources said,...

October 08, 2025 07:00 AM
Nokia report reveals alarming extent of telco cybersecurity threats

Nokia has just published its latest Threat Intelligence Report. It reveals the worrying extent of the cybersecurity challenges facing telcos...


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

SK Telecom CyberSecurity History Information

Official Website of SK Telecom

The official website of SK Telecom is http://www.sktelecom.com/en.

SK Telecom’s AI-Generated Cybersecurity Score

According to Rankiteo, SK Telecom’s AI-generated cybersecurity score is 198, reflecting their Critical security posture.

How many security badges does SK Telecom have?

According to Rankiteo, SK Telecom currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does SK Telecom have SOC 2 Type 1 certification?

According to Rankiteo, SK Telecom is not certified under SOC 2 Type 1.

Does SK Telecom have SOC 2 Type 2 certification?

According to Rankiteo, SK Telecom does not hold a SOC 2 Type 2 certification.

Does SK Telecom comply with GDPR?

According to Rankiteo, SK Telecom is not listed as GDPR compliant.

Does SK Telecom have PCI DSS certification?

According to Rankiteo, SK Telecom does not currently maintain PCI DSS compliance.

Does SK Telecom comply with HIPAA?

According to Rankiteo, SK Telecom is not compliant with HIPAA regulations.

Does SK Telecom have ISO 27001 certification?

According to Rankiteo, SK Telecom is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of SK Telecom

SK Telecom operates primarily in the Telecommunications industry.

Number of Employees at SK Telecom

SK Telecom employs approximately 7,230 people worldwide.

Subsidiaries Owned by SK Telecom

SK Telecom presently has no subsidiaries across any sectors.

SK Telecom’s LinkedIn Followers

SK Telecom’s official LinkedIn profile has approximately 47,947 followers.

NAICS Classification of SK Telecom

SK Telecom is classified under the NAICS code 517, which corresponds to Telecommunications.

SK Telecom’s Presence on Crunchbase

No, SK Telecom does not have a profile on Crunchbase.

SK Telecom’s Presence on LinkedIn

Yes, SK Telecom maintains an official LinkedIn profile, actively used for branding and talent engagement, at https://www.linkedin.com/company/sk-telecom.

Cybersecurity Incidents Involving SK Telecom

As of December 04, 2025, Rankiteo reports that SK Telecom has experienced 12 cybersecurity incidents.

Number of Peer and Competitor Companies

SK Telecom has an estimated 9,611 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at SK Telecom?

Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack and Breach.

What was the total financial impact of these incidents on SK Telecom?

Total Financial Loss: The total financial loss from these incidents is estimated to be $162.54 billion.

How does SK Telecom detect and respond to cybersecurity incidents?

Detection and Response: The company detects and responds to cybersecurity incidents through the following measures, recorded across incidents and grouped here by category:

Incident Response Plan Activated: yes; SK Telecom: denied breach, working with authorities; KT: high-profile apology, cooperation with Ministry of Science and ICT; yes (joint public-private investigation team for KT Corp.); partial (company-level); delayed (government-level)

Third Party Assistance: cybersecurity firms (e.g., Theori, Genians); KISA (Korea Internet & Security Agency); government-private joint investigation team (KT mobile payment fraud)

Law Enforcement Notified: Ministry of Science and ICT investigating SK Telecom incident; KT collaborating with authorities; yes (MSIT-led investigation); yes (select cases); delayed in some incidents (e.g., Lotte Card: 17-day delay)

Containment Measures: isolated equipment suspected of being hacked; issued SIM replacements for all subscribers; server inspections (42,000+ for SK Telecom); identification of 28 infected servers (SK Telecom); SIM card replacements (SK Telecom); system isolations (SGI, Yes24); network segmentation (KT); dark web monitoring (Welrix F&I); SK Telecom: 5 trillion won compensation package (50% discount on mobile rates, extra 50GB data, expanded partnership discounts); KT: investigation and shutdown of illegal base stations (24 confirmed); suspended new subscriptions for 2 months; SIM card replacements for affected users

Remediation Measures: strengthened security measures to prevent unauthorized number porting actions; company pledged to make personal data protection a core value; improved oversight ordered by PIPC; implementation of zero-trust architecture; expansion of encryption; formation of a red team; elevation of CISO role to report directly to CEO; addition of cybersecurity experts to the board; free USIM card replacements for customers; 50% discount on August subscription fees; waiver of early contract termination fees; customer notifications (GS Retail, Albamon); credit monitoring offers (Lotte Card); patch management (where applicable); cybersecurity system overhaul (regulator-mandated); replacement of compromised SIM cards; proactive compensation measures and efforts to prevent recurrence

Recovery Measures: information security innovation plan; service restoration (Yes24, SGI); fraudulent transaction reversals (KT); diplomatic cybersecurity advisories (embassies); 500-billion-won ($349 million) customer appreciation package (rate discounts, free data, vouchers); waived contract termination fees; 50% mobile fee discount

Communication Strategy: notified customers of the breach; public statement expressing regret; acknowledgment of regulatory findings; public acknowledgment of responsibility; customer notifications (delayed); offers for free USIM replacements and subscription discounts; SK Telecom: public denial of breach, transparency pledge; KT: public apology, ongoing updates; public warning issued by South Korea (2016-04-01); public advisories (MSIT news releases on 2025-09-09 and 2025-09-16); U.S. Forces Korea advisory (April 2025, SK Telecom only); delayed disclosures (Wemix: 5-day delay); public statements (SK Telecom, Lotte Card); presidential office announcements (September 2025); SK Telecom: public disclosure of compensation program; KT: confirmation of fraud victims and losses; public disclosure in April 2024; shareholder notification; customer advisories (SIM replacements, discounts); public statement rejecting the mediation committee's proposal

Network Segmentation: KT (post-fake base station attack)

Enhanced Monitoring: started logging activity on the impacted servers; KISA-led initiatives; embassy network traffic

Appeal Intent: leaning toward appealing the regulator's decision

Incident Details

Can you provide details on each incident?

Incident : Data Breach

Title: SK Telecom Data Breach

Description: A cybersecurity incident at SK Telecom exposed the USIM data of 27 million subscribers, allowing attackers to steal data including IMSI, USIM authentication keys, network usage data, and SMS/contacts stored in the SIM.

Date Detected: 2025-04-19

Date Publicly Disclosed: 2025-05-08

Type: Data Breach

Attack Vector: Malware

Incident : data breach

Title: SK Telecom Data Breach Affecting Half of South Korea's Population

Description: South Korea’s largest mobile operator, SK Telecom, was fined 134.8 billion won ($97 million) by the Personal Information Protection Commission (PIPC) after a cyberattack disclosed in April 2024 compromised the data of about half the nation’s population. The breach exposed vulnerabilities dating back to 2022, with allegations of prolonged lapses in securing user data. The incident raised concerns over national security risks, including potential exposure of call logs involving high-level government communications. The company was criticized for failing to report breaches promptly and for systemic weaknesses in data protection practices.

Date Publicly Disclosed: 2024-04

Type: data breach

Vulnerability Exploited: systemic weaknesses in data protection; prolonged lapses in security oversight

Incident : data breach

Title: SK Telecom Data Breach (2025)

Description: SK Telecom (SKT), one of the largest telecommunications providers in South Korea, suffered a malware breach discovered in April 2025. The breach, which may have started as early as August 2021, exposed sensitive subscriber data of approximately 27 million people due to weak security measures, including outdated systems, lack of passwords, and unpatched vulnerabilities. The company was fined ~$96.53 million for negligence and delays in customer notification.

Date Detected: 2025-04

Type: data breach

Attack Vector: malware; exploitation of unpatched vulnerabilities; lack of authentication

Vulnerability Exploited: outdated operating systems; missing security patches; no password protection on critical servers; weak intranet security

Incident : Data Breach

Title: Data Breach and Fraudulent Mobile Payment Incidents at SK Telecom and KT

Description: Korea’s major mobile carriers SK Telecom and KT are under scrutiny following a massive hacking incident at SK Telecom in April affecting 27 million users and a separate fraudulent mobile payment breach at KT. SK Telecom denied claims by the hacking group Scattered Lapsus$ that it possesses 100 GB of stolen customer data, including personal information like user IDs, full names, phone numbers, emails, addresses, and birthdates. Meanwhile, KT confirmed 278 cases of unauthorized transactions totaling over 170 million won ($122,460) and potential compromise of 5,561 users' IMSI data due to rogue cellular base stations intercepting payment verifications.

Date Publicly Disclosed: 2024-05-28T00:00:00Z

Type: Data Breach

Attack Vector: Hacking (Claimed by Scattered Lapsus$); Rogue Cellular Base Stations (KT Incident); Interception of Payment Verifications

Vulnerability Exploited: Unknown (SK Telecom denies breach); Weakness in Mobile Payment Verification Process (KT)

Threat Actor: Scattered Lapsus$ (claimed, unverified for SK Telecom)

Motivation: Financial Gain (Data Sale by Scattered Lapsus$); Fraud (KT Mobile Payment Breach)

Incident : GPS jamming

Title: GPS Jamming Attack on Vessels in the Korean Demilitarized Zone (2016)

Description: In March 2016, vessels were hit by a GPS jamming attack in the demilitarized zone (DMZ) separating North and South Korea. The electronic jamming signals originated from five North Korean regions: Haeju, Yonan, Pyongyang, Kumgang, and Kaesong. The campaign, attributed to the regime of Kim Jong-un, was intended as a provocation. Nearly 700 fishing vessels were affected, along with cell phone base stations. This marked the fourth round of GPS jamming by North Korea since 2010. On April 1, South Korea issued a warning to North Korea to cease the attacks and threatened retaliatory action if the jamming continued, amid escalating tensions over North Korea’s nuclear and rocket tests.

Date Detected: 2016-03

Date Publicly Disclosed: 2016-03

Type: GPS jamming

Attack Vector: Radio frequency jamming; Electromagnetic interference

Threat Actor: North Korean regime (attributed to Kim Jong-un)

Motivation: Provocation; Geopolitical tension; Military signaling

Incident : Data Breach

Title: Series of Data Breaches at Major South Korean Telecom Providers Affecting U.S. Military Customers

Description: The South Korean government is investigating multiple data breach incidents at three of the country’s largest cellphone service providers—SK Telecom, KT Corp., and LG Uplus—all of which sell plans to U.S. military customers. The breaches involve customer data hacking, micropayment scams, and large-scale data theft, with at least 10 GB of SIM card data stolen from SK Telecom in April 2025. Investigations are ongoing, with allegations of international hacking organizations selling stolen data online. KT Corp. faced an unauthorized micropayment incident, while LG Uplus is under probe for large-scale customer data theft. The incidents have raised public anxiety, prompting the Ministry of Science and Information and Communication Technology (MSIT) to launch joint investigations and pledge transparency.

Date Detected: 2025-04-01; 2025-09-01

Date Publicly Disclosed: 2025-07-05; 2025-09-09; 2025-09-16

Type: Data Breach

Attack Vector: Network Infiltration; SIM Swapping (Micropayment Scam); Advanced Hacking Tools; Data Exfiltration

Threat Actor: International Hacking Organization (alleged); Unknown (under investigation)

Motivation: Financial Gain (Micropayment Scams); Data Theft for Resale (Dark Web); Espionage (potential, given U.S. military customer involvement)

Incident : Data Breach

Title: Series of High-Profile Cyber Incidents in South Korea (2025)

Description: South Korea faced a surge of cyberattacks in 2025, targeting credit card companies, telecoms, tech startups, government agencies, and financial institutions. The incidents exposed systemic vulnerabilities, including fragmented government response, lack of skilled cybersecurity workforce, and reactive (rather than proactive) cybersecurity measures. Key attacks included data breaches at GS Retail, SK Telecom, Lotte Card, and ransomware attacks on Yes24, Seoul Guarantee Insurance, and Welrix F&I. North Korea-linked groups like Kimsuky were implicated in espionage and phishing campaigns using AI-generated deepfakes.

Date Detected: 2025-01-04; 2025-02-28; 2025-04-30; 2025-05-01; 2025-06-09; 2025-07-14; 2025-08-01; 2025-08-31; 2025-09-01

Date Publicly Disclosed: 2025-01-04; 2025-03-04; 2025-04-30; 2025-05-01; 2025-06-09; 2025-07-14; 2025-08-01; 2025-08-31; 2025-09-01

Date Resolved: 2025-01-10; 2025-03-10; 2025-05-31; 2025-06-13; 2025-07-20; 2025-08-05; 2025-08-15; 2025-09-15

Type: Data Breach

Attack Vector: Website Exploitation; Spear-Phishing (AI Deepfakes); Fake Base Stations; Ransomware; Credential Stuffing; Social Engineering; Malware

Threat Actor: Kimsuky (North Korea-linked); Russian-linked Hacking Group; Unidentified Hackers

Motivation: Financial Gain; Espionage; Data Theft; Disruption; Cyber Warfare

Incident : Data Breach

Title: SK Telecom USIM Data Breach and KT Mobile Payment Fraud Incidents

Description: The telecom sector in South Korea faced significant financial and operational impacts due to two major cybersecurity incidents: (1) SK Telecom's large-scale leak of USIM data affecting nearly 27 million users, leading to regulatory fines, compensation payouts, and customer churn; (2) KT's mobile payment fraud incident involving illegal base stations intercepting verification codes, exposing IMSI data of ~5,561 users and causing ~240 million won in losses. The incidents resulted in a projected 33% year-on-year drop in aggregate third-quarter operating profit for SK Telecom, KT, and LG Uplus, with SK Telecom expecting its first quarterly loss since reporting earnings.

Type: Data Breach

Attack Vector: Negligence in safety measures (SK Telecom); Illegal base stations intercepting verification codes (KT); Delay in notifying users (SK Telecom)

Vulnerability Exploited: Lack of adequate security measures for USIM data (SK Telecom); Weakness in mobile payment verification system (KT)

Threat Actor: Unknown (SK Telecom USIM leak); Two Chinese nationals (KT mobile payment fraud)

Motivation: Financial Gain; Fraud

Incident : Data Breach

Title: SK Telecom Massive Data Breach Leading to Financial Decline and Leadership Overhaul

Description: South Korean telecom giant SK Telecom reported a sharp decline in third-quarter earnings, with operating profit plunging 90.9 percent and revenue dropping 12.2 percent, following massive data breaches that exposed the personal data of more than 23 million users. The breach led to a record privacy fine, a leadership overhaul, and the appointment of Jeong Jae-heon, a former judge and the company’s former head of external relations and legal group, as the new CEO—the first with a legal background in the company’s history.

Date Publicly Disclosed: 2025-10-31

Type: Data Breach

Incident : data breach

Title: SK Telecom Large-Scale Data Breach (2022-2024)

Description: South Korea’s major mobile carrier, SK Telecom, experienced a large-scale cyberattack disclosed in April 2024, exposing the personal data of about 27 million customers. The breach, traced back to 2022, involved 25 types of malware that went undetected for nearly three years. The stolen data included subscriber identity numbers, authentication keys, network activity logs, and SIM-stored text messages. The incident led to a 90% drop in operating profit for Q3 2024, a record 134 billion won ($96.5 million) fine, and a 500-billion-won ($349 million) customer appreciation package to rebuild trust.

Date Detected: 2024-04-01

Date Publicly Disclosed: 2024-04-01

Type: data breach

Attack Vector: malware (25 types); undetected network infiltration

Incident : Data Breach

Title: SK Telecom Data Breach and Compensation Dispute

Description: SK Telecom (SKT) rejected a proposal from the Personal Information Dispute Mediation Committee to compensate subscribers affected by a data breach. The committee had recommended paying 300,000 won (~$200) to each of the 3,998 subscribers who filed for mediation. SKT cited its existing proactive compensation measures and recurrence prevention efforts as reasons for rejecting the proposal. Affected subscribers must now pursue legal action for compensation.

Type: Data Breach

Incident : Data Breach

Title: SK Telecom Massive Data Breach

Description: Fallout from SK Telecom's massive data breach continues to mount, with the company now reviewing a record 134.8 billion won ($91.4 million) fine from South Korea's privacy watchdog (Personal Information Protection Commission). The regulator issued the sanction decision on Aug. 28, 2025, though SK Telecom did not receive the formal written decision report until late October, triggering a 90-day review period that puts the appeal deadline in late January 2026. The company is 'leaning toward' appealing the decision.

Type: Data Breach

What are the most common types of attacks the company has faced?

Common Attack Types: The most common type of attack the company has faced is Breach.

How does the company identify the attack vectors used in incidents?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through: Web shell infection; unsecured intranet; outdated servers; SK Telecom: Unverified (claimed by Scattered Lapsus$); KT: Rogue cellular base stations intercepting payment verifications; Radio frequency jamming from North Korean regions (Haeju, Yonan, Pyongyang, Kumgang, Kaesong); Compromised websites (GS Retail); Phishing emails (Kimsuky); Fake base stations (KT); Exploited vulnerabilities (Yes24, SGI); Unknown (SK Telecom USIM leak); Illegal base stations intercepting verification codes (KT).

Impact of the Incidents

What was the impact of each incident?

Incident : Data Breach SK-524052025

Data Compromised: IMSI; USIM authentication keys; Network usage data; SMS/contacts stored in the SIM

Systems Affected: 23 compromised servers; 30,000 Linux servers examined

Operational Impact: Stopped accepting new subscribers

Incident : data breach SK-633082925

Data Compromised: Customer data, Call data records (potential exposure of call logs)

Operational Impact: regulatory scrutiny; public outrage; customer churn risk

Customer Complaints: high (public outrage)

Brand Reputation Impact: severe damage due to national-scale breach and regulatory criticism

Legal Liabilities: fines imposed by PIPC; potential legal actions from affected customers

Identity Theft Risk: high (personal data theft risks)

Incident : data breach SK-905083025

Financial Loss: $96.53 million (fine)

Data Compromised: USIM authentication keys (Ki); International Mobile Subscriber Identity (IMSI) numbers; IMEI device identifiers; Phone numbers; Email addresses; Potentially other personal data

Systems Affected: Home Subscriber Server (HSS); critical infrastructure; intranet

Operational Impact: Significant; required revamp of governance and security measures

Brand Reputation Impact: Severe; public acknowledgment of 'grave responsibility' and loss of customer trust

Legal Liabilities: $96.53 million fine by Personal Information Protection Commission

Identity Theft Risk: High (due to exposure of IMSI, IMEI, and personal data)

Incident : Data Breach SK-3932739091625

Data Compromised: SK Telecom: Claimed: 27 million user records (100 GB sample offered for $10,000; includes user IDs, full names, phone numbers, emails, addresses, birthdates). KT: 5,561 users' IMSI data potentially compromised

Operational Impact: Market share drop for SK Telecom (below 40% for the first time in a decade); Customer anxiety and potential churn for both carriers; Regulatory scrutiny and investigations by Ministry of Science and ICT

Customer Complaints: Growing concerns from consumers; Daily checks for unauthorized payments by KT users; Anxiety over potential future breaches

Brand Reputation Impact: Erosion of trust in SK Telecom and KT; Negative media coverage; Potential subscriber churn coinciding with iPhone 17 launch

Identity Theft Risk: High (if SK Telecom data breach claims are true); Moderate (KT IMSI data compromise)

Payment Information Risk: High (KT fraudulent transactions); Low (SK Telecom denies breach)

Incident : GPS jamming SK-422092125

Systems Affected: GPS navigation systems; Cell phone base stations

Operational Impact: Disruption of vessel navigation; Communication interference

Incident : Data Breach SK-2162921092525

Data Compromised: SIM card data (10+ GB from SK Telecom); Customer identity/financial information (KT micropayment scam); Large-scale customer data (LG Uplus, under investigation)

Systems Affected: 42,000+ servers inspected (SK Telecom); 28 servers infected with advanced hacking tools (SK Telecom)

Operational Impact: Joint public-private investigation (KT Corp.); U.S. Forces Korea advisory issued (SK Telecom, April 2025)

Customer Complaints: Increased public anxiety reported

Brand Reputation Impact: High (multiple breaches at major providers, U.S. military customers affected)

Identity Theft Risk: High (SIM swapping, micropayment scams)

Payment Information Risk: High (micropayment scams, financial data exposure)

Incident : Data Breach SK-1802718100125

Financial Loss: $6.2 million (Wemix); Operational costs for SIM replacements (SK Telecom); Revenue loss during downtime (Yes24, SGI, Welrix F&I)

Data Compromised: 90,000 customer records (GS Retail: names, birth dates, contact details, addresses, emails); 23 million customer records (SK Telecom: personal data); 20,000 resumes (Albamon: names, phone numbers, emails); 200GB of data (Lotte Card: ~3 million customers); 1TB+ internal files (Welrix F&I: sensitive customer data); Subscriber data (KT: IMSI, IMEI, phone numbers, micro-payment fraud); Diplomatic communications (19 embassies: espionage via fake emails)

Systems Affected: GS Retail (website); Wemix (blockchain infrastructure); Albamon (job platform database); SK Telecom (customer data systems); Yes24 (ticketing/retail platform, twice); Seoul Guarantee Insurance (core systems: guarantees, verification); Lotte Card (credit/debit card systems); Welrix F&I (lending systems); KT (mobile network via fake base stations); South Korean military/defense institutions (deepfake phishing)

Downtime: 4 days (Yes24, June 2025); Few hours (Yes24, August 2025); Days (Seoul Guarantee Insurance, July 2025); Weeks (SK Telecom SIM replacements, April–May 2025)

Operational Impact: Service disruptions (Yes24, SGI, Welrix F&I); Customer verification delays (SGI); Fraudulent micro-payments (KT); Diplomatic communications compromise (embassies)

Revenue Loss: Yes24 (ticketing/retail sales); Welrix F&I (lending operations); Lotte Card (customer trust/transaction volume)

Customer Complaints: SK Telecom (SIM replacement process); Lotte Card (data exposure); Yes24 (repeated outages)

Brand Reputation Impact: SK Telecom; Lotte Card; Yes24; Welrix F&I; KT; South Korean government (fragmented response)

Legal Liabilities: Potential GDPR-like fines (if applicable); Class-action lawsuits (e.g., SK Telecom, Lotte Card)

Identity Theft Risk: GS Retail (90,000 customers); SK Telecom (23M customers); Lotte Card (3M customers); Albamon (20,000 users)

Payment Information Risk: Lotte Card (credit/debit data); KT (unauthorized micro-payments)

Incident : Data Breach SK-5462054101625

Financial Loss: 1 trillion won (SK Telecom compensation program); 134.8 billion won (regulatory fine for SK Telecom); 240 million won (KT unauthorized payments); Projected 27.4 billion won consolidated operating loss (SK Telecom)

Data Compromised: USIM data of ~27 million users (SK Telecom); International Mobile Subscriber Identity (IMSI) of ~5,561 users (KT)

Operational Impact: Customer churn (SK Telecom lost subscribers to KT and LG Uplus); Regulatory scrutiny and largest-ever penalty by Personal Information Protection Commission (SK Telecom); Ongoing mobile payment fraud investigations (KT)

Conversion Rate Impact: KT gained ~280,000 subscribers from SK Telecom; LG Uplus experienced modest growth

Revenue Loss: SK Telecom: 12.96% drop in revenue (3.94 trillion won vs. prior year); Aggregate 33% drop in operating profit for all three carriers (829.2 billion won vs. 1.24 trillion won prior year)

Brand Reputation Impact: Severe damage to SK Telecom's reputation; KT faced reputational risks due to mobile payment fraud

Legal Liabilities: 134.8 billion won fine for SK Telecom; Potential legal actions from affected customers

Identity Theft Risk: High (USIM data exposure for 27 million users); High (IMSI exposure for 5,561 users)

Payment Information Risk: Unauthorized payments totaling ~240 million won (KT)

Incident : Data Breach SK-5832258103125

Data Compromised: Personal data of over 23 million users

Operational Impact: Significant (leadership overhaul, CEO replacement)

Revenue Loss: 12.2% decline in third-quarter revenue

Brand Reputation Impact: Severe (triggered leadership change and regulatory scrutiny)

Legal Liabilities: Record privacy fine

Identity Theft Risk: High (personal data of 23M+ users exposed)

Incident : data breach SK-5102251110425

Data Compromised: Records Exposed: 27 million customers, Data Types: subscriber identity numbers, authentication keys, network activity logs, SIM-stored text messages

Operational Impact: suspended new subscriptions for 2 months; SIM card replacements for millions of users; cybersecurity system overhaul mandated by regulators

Revenue Loss: 12.2% sales decline in Q3 2024

Brand Reputation Impact: loss of customer trust; increased churn due to fee waivers/discounts; first quarterly loss since 2000

Legal Liabilities: 134 billion won regulatory fine; mandated cybersecurity overhaul

Identity Theft Risk: high (subscriber identity numbers and authentication keys compromised)

Incident : Data Breach SK-4732347112025

Customer Complaints: True

Incident : Data Breach SK-0534105112425

Legal Liabilities: Fine Amount: 134.8 billion won ($91.4 million), Regulator: Personal Information Protection Commission (South Korea)

What is the average financial loss per incident?

Average Financial Loss: The average financial loss per incident is $13.55 billion.

What types of data are most commonly compromised in incidents?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are IMSI, USIM Authentication Keys, Network Usage Data, SMS/Contacts Stored In The SIM, Customer Data, Call Data Records, Subscriber Authentication Data, Personal Identifiable Information (PII), Device Identifiers, SK Telecom (Claimed): User IDs, Full Names, Phone Numbers, Emails, Addresses, Birthdates, KT: International Mobile Subscriber Identity (IMSI) Data, SIM Card Data, Customer Identity Information, Financial Information (Micropayment Scams), Potential PII (Under Investigation For LG Uplus), Personal Identifiable Information (PII), Financial Data, Resume/Employment Data, Diplomatic Communications, Mobile Subscriber Data (IMSI, IMEI), Internal Corporate Files, Universal Subscriber Identity Module (USIM) Data (SK Telecom), International Mobile Subscriber Identity (IMSI) (KT), Personal Data, Subscriber Identity Numbers, Authentication Keys, Network Activity Logs and SIM-Stored Text Messages.

Which entities were affected by each incident?

Incident : Data Breach SK-524052025

Entity Name: SK Telecom

Entity Type: Mobile Network Operator

Industry: Telecommunications

Location: South Korea

Size: Large

Customers Affected: 26.95 million

Incident : data breach SK-633082925

Entity Name: SK Telecom Co.

Entity Type: telecommunications operator

Industry: telecommunications

Location: South Korea

Size: large (largest mobile operator in South Korea)

Customers Affected: ~half of South Korea's population

Incident : data breach SK-905083025

Entity Name: SK Telecom (SKT)

Entity Type: telecommunications provider

Industry: Telecommunications

Location: South Korea

Size: Large (one of the biggest in South Korea)

Customers Affected: 27 million

Incident : Data Breach SK-3932739091625

Entity Name: SK Telecom

Entity Type: Telecommunications Operator

Industry: Telecommunications

Location: South Korea

Size: Large (Nation's largest telecom operator)

Customers Affected: 27 million (claimed; denied by SK Telecom)

Incident : Data Breach SK-3932739091625

Entity Name: KT Corporation

Entity Type: Telecommunications Operator

Industry: Telecommunications

Location: South Korea

Size: Large

Customers Affected: 278 (fraud cases) + 5,561 (potential IMSI compromise)

Incident : GPS jamming SK-422092125

Entity Name: South Korean fishing vessels

Entity Type: Maritime

Industry: Fishing

Location: Demilitarized Zone (DMZ), Korea

Size: ~700 vessels

Incident : GPS jamming SK-422092125

Entity Name: South Korean cell phone base stations

Entity Type: Telecommunications

Industry: Telecommunications

Location: Demilitarized Zone (DMZ), Korea

Incident : Data Breach SK-2162921092525

Entity Name: SK Telecom

Entity Type: Telecommunications Provider

Industry: Telecom

Location: South Korea

Size: Large (Market leader)

Customers Affected: Includes U.S. military personnel at Camp Humphreys, Osan Air Base

Incident : Data Breach SK-2162921092525

Entity Name: KT Corp.

Entity Type: Telecommunications Provider

Industry: Telecom

Location: South Korea

Size: Large

Customers Affected: Includes U.S. military personnel at Camp Humphreys, Osan Air Base

Incident : Data Breach SK-2162921092525

Entity Name: LG Uplus

Entity Type: Telecommunications Provider

Industry: Telecom

Location: South Korea

Size: Large

Customers Affected: Includes U.S. military personnel at Camp Humphreys, Osan Air Base

Incident : Data Breach SK-2162921092525

Entity Name: U.S. Forces Korea (USFK)

Entity Type: Military Command

Industry: Defense

Location: South Korea

Customers Affected: Service members, DoD employees, and families using local telecom plans

Incident : Data Breach SK-1802718100125

Entity Name: GS Retail

Entity Type: Retail

Industry: Convenience Stores/Grocery

Location: South Korea

Size: Large

Customers Affected: 90,000

Incident : Data Breach SK-1802718100125

Entity Name: Wemix

Entity Type: Blockchain

Industry: Gaming/FinTech

Location: South Korea

Size: Mid-Large

Incident : Data Breach SK-1802718100125

Entity Name: Albamon

Entity Type: Job Platform

Industry: HR/Recruitment

Location: South Korea

Size: Mid

Customers Affected: 20,000

Incident : Data Breach SK-1802718100125

Entity Name: SK Telecom

Entity Type: Telecom

Industry: Telecommunications

Location: South Korea

Size: Large

Customers Affected: 23,000,000

Incident : Data Breach SK-1802718100125

Entity Name: Yes24

Entity Type: E-Commerce

Industry: Ticketing/Retail

Location: South Korea

Size: Large

Incident : Data Breach SK-1802718100125

Entity Name: Seoul Guarantee Insurance (SGI)

Entity Type: Financial Institution

Industry: Insurance

Location: South Korea

Size: Mid-Large

Incident : Data Breach SK-1802718100125

Entity Name: Lotte Card

Entity Type: Financial Services

Industry: Credit/Debit Cards

Location: South Korea

Size: Large

Customers Affected: 3,000,000

Incident : Data Breach SK-1802718100125

Entity Name: Welrix F&I (Welcome Financial Group)

Entity Type: Financial Services

Industry: Lending

Location: South Korea

Size: Mid-Large

Incident : Data Breach SK-1802718100125

Entity Name: KT Corporation

Entity Type: Telecom

Industry: Telecommunications

Location: South Korea

Size: Large

Customers Affected: 5,500

Incident : Data Breach SK-1802718100125

Entity Name: South Korean Government (Multiple Ministries)

Entity Type: Government

Industry: Public Sector

Location: South Korea

Size: National

Incident : Data Breach SK-1802718100125

Entity Name: 19 Foreign Embassies in South Korea

Entity Type: Diplomatic

Industry: International Relations

Location: South Korea

Incident : Data Breach SK-1802718100125

Entity Name: Unnamed Defense-Related Institution

Entity Type: Military/Defense

Industry: National Security

Location: South Korea

Incident : Data Breach SK-5462054101625

Entity Name: SK Telecom

Entity Type: Telecommunications

Industry: Telecom

Location: South Korea

Size: Large (one of South Korea's three major telecoms)

Customers Affected: ~27 million (USIM data leak)

Incident : Data Breach SK-5462054101625

Entity Name: KT Corporation

Entity Type: Telecommunications

Industry: Telecom

Location: South Korea

Size: Large

Customers Affected: ~5,561 (IMSI exposure), 362 confirmed fraud victims

Incident : Data Breach SK-5462054101625

Entity Name: LG Uplus

Entity Type: Telecommunications

Industry: Telecom

Location: South Korea

Size: Large

Customers Affected: Indirectly affected (gained subscribers from SK Telecom)

Incident : Data Breach SK-5832258103125

Entity Name: SK Telecom

Entity Type: Telecommunications

Industry: Telecom

Location: South Korea

Size: Large (telecom giant)

Customers Affected: 23 million+

Incident : data breach SK-5102251110425

Entity Name: SK Telecom

Entity Type: telecommunications carrier

Industry: telecom

Location: Seoul, South Korea

Size: large (27 million customers affected)

Customers Affected: 27 million

Incident : Data Breach SK-4732347112025

Entity Name: SK Telecom (SKT)

Entity Type: Telecommunications Company

Industry: Telecommunications

Location: South Korea

Customers Affected: 3998

Incident : Data Breach SK-0534105112425

Entity Name: SK Telecom

Entity Type: Telecommunications

Industry: Telecom

Location: South Korea

Response to the Incidents

What measures were taken in response to each incident?

Incident : Data Breach SK-524052025

Incident Response Plan Activated: Yes

Containment Measures: Isolated equipment suspected of being hacked; Issued SIM replacements for all subscribers

Remediation Measures: Strengthened security measures to prevent unauthorized number porting actions

Communication Strategy: Notified customers of the breach

Enhanced Monitoring: Started logging activity on the impacted servers

Incident : data breach SK-633082925

Remediation Measures: company pledged to make personal data protection a core value; improved oversight ordered by PIPC

Communication Strategy: public statement expressing regret; acknowledgment of regulatory findings

Incident : data breach SK-905083025

Incident Response Plan Activated: True

Remediation Measures: Implementation of zero-trust architecture; Expansion of encryption; Formation of a red team; Elevation of CISO role to report directly to CEO; Addition of cybersecurity experts to the board; Free USIM card replacements for customers; 50% discount on August subscription fees; Waiver of early contract termination fees

Recovery Measures: Information Security Innovation Plan

Communication Strategy: Public acknowledgment of responsibility; Customer notifications (delayed); Offers for free USIM replacements and subscription discounts

Incident : Data Breach SK-3932739091625

Incident Response Plan Activated: SK Telecom: Denied breach, working with authorities; KT: High-profile apology, cooperation with Ministry of Science and ICT

Law Enforcement Notified: Ministry of Science and ICT investigating SK Telecom incident, KT collaborating with authorities

Communication Strategy: SK Telecom: Public denial of breach, transparency pledge; KT: Public apology, ongoing updates

Incident : GPS jamming SK-422092125

Communication Strategy: Public warning issued by South Korea (2016-04-01)

Incident : Data Breach SK-2162921092525

Incident Response Plan Activated: Yes (Joint public-private investigation team for KT Corp.)

Law Enforcement Notified: Yes (MSIT-led investigation)

Containment Measures: Server inspections (42,000+ for SK Telecom); Identification of 28 infected servers (SK Telecom)

Communication Strategy: Public advisories (MSIT news releases on 2025-09-09 and 2025-09-16); U.S. Forces Korea advisory (April 2025, SK Telecom only)

Incident : Data Breach SK-1802718100125

Incident Response Plan Activated: Partial (company-level); Delayed (government-level)

Third Party Assistance: Cybersecurity firms (e.g., Theori, Genians), KISA (Korea Internet & Security Agency)

Law Enforcement Notified: Yes (select cases), Delayed in some incidents (e.g., Lotte Card: 17-day delay)

Containment Measures: SIM card replacements (SK Telecom); System isolations (SGI, Yes24); Network segmentation (KT); Dark web monitoring (Welrix F&I)

Remediation Measures: Customer notifications (GS Retail, Albamon); Credit monitoring offers (Lotte Card); Patch management (where applicable)

Recovery Measures: Service restoration (Yes24, SGI); Fraudulent transaction reversals (KT); Diplomatic cybersecurity advisories (embassies)

Communication Strategy: Delayed disclosures (Wemix: 5-day delay); Public statements (SK Telecom, Lotte Card); Presidential Office announcements (September 2025)

Network Segmentation: KT (post-fake base station attack)

Enhanced Monitoring: KISA-led initiatives; Embassy network traffic

Incident : Data Breach SK-5462054101625

Third Party Assistance: Government-private joint investigation team (KT mobile payment fraud)

Containment Measures: SK Telecom: 5 trillion won compensation package (50% discount on mobile rates, extra 50GB data, expanded partnership discounts); KT: Investigation and shutdown of illegal base stations (24 confirmed)

Communication Strategy: SK Telecom: Public disclosure of compensation program; KT: Confirmation of fraud victims and losses

Incident : data breach SK-5102251110425

Incident Response Plan Activated: True

Containment Measures: suspended new subscriptions for 2 months; SIM card replacements for affected users

Remediation Measures: cybersecurity system overhaul (regulator-mandated); replacement of compromised SIM cards

Recovery Measures: 500-billion-won ($349 million) customer appreciation package (rate discounts, free data, vouchers); waived contract termination fees; 50% mobile fee discount

Communication Strategy: public disclosure in April 2024; shareholder notification; customer advisories (SIM replacements, discounts)

Incident : Data Breach SK-4732347112025

Remediation Measures: Proactive compensation measures and efforts to prevent recurrence

Communication Strategy: Public statement rejecting the mediation committee's proposal

Incident : Data Breach SK-0534105112425

Communication Strategy: Appeal Intent: leaning toward appealing the regulator's decision.

What is the company's incident response plan?

Incident Response Plan: The company's incident response plan is described as: Yes; SK Telecom: Denied breach, working with authorities; KT: High-profile apology, cooperation with Ministry of Science and ICT; Yes (Joint public-private investigation team for KT Corp.); Partial (company-level); Delayed (government-level).

How does the company involve third-party assistance in incident response?

Third-Party Assistance: The company involves third-party assistance in incident response through cybersecurity firms (e.g., Theori, Genians), KISA (Korea Internet & Security Agency), and a government-private joint investigation team (KT mobile payment fraud).

Data Breach Information

What type of data was compromised in each breach?

Incident : Data Breach SK-524052025

Type of Data Compromised: IMSI, USIM authentication keys, Network usage data, SMS/contacts stored in the SIM

Number of Records Exposed: 26.95 million

Sensitivity of Data: High

Data Exfiltration: Possible

Personally Identifiable Information: IMEI numbers

Incident : data breach SK-633082925

Type of Data Compromised: Customer data, Call data records

Number of Records Exposed: ~half of South Korea's population (estimated tens of millions)

Sensitivity of Data: high (includes call logs with potential national security implications)

Data Exfiltration: likely (call logs and customer data accessed)

Personally Identifiable Information: likely (customer data)

Incident : data breach SK-905083025

Type of Data Compromised: Subscriber authentication data, Personal identifiable information (PII), Device identifiers

Number of Records Exposed: 27 million

Sensitivity of Data: High (includes USIM keys, IMSI, IMEI, and personal data)

Incident : Data Breach SK-3932739091625

Type of Data Compromised: SK Telecom (claimed): user IDs, full names, phone numbers, emails, addresses, birthdates; KT: International Mobile Subscriber Identity (IMSI) data

Number of Records Exposed: SK Telecom: 27 million (claimed), KT: 5,561 (IMSI data)

Sensitivity of Data: High (PII for SK Telecom; IMSI for KT)

Data Exfiltration: SK Telecom: Claimed 100 GB sample (denied by company); KT: Unclear (IMSI data potentially intercepted)

File Types Exposed: SK Telecom: FTP screenshots, sample datasets (fabricated, per company); KT: Unknown

Personally Identifiable Information: SK Telecom: User IDs, full names, phone numbers, emails, addresses, birthdates (claimed); KT: IMSI data (5,561 users)

Incident : Data Breach SK-2162921092525

Type of Data Compromised: SIM card data, Customer identity information, Financial information (micropayment scams), Potential PII (under investigation for LG Uplus)

Sensitivity of Data: High (includes PII, financial data, and potential military-affiliated customer data)

Data Exfiltration: Yes (10+ GB from SK Telecom, alleged dark web sales)

Personally Identifiable Information: Yes (SIM data, identity/financial info from micropayment scams)

Incident : Data Breach SK-1802718100125

Type of Data Compromised: Personal identifiable information (PII), Financial data, Resume/employment data, Diplomatic communications, Mobile subscriber data (IMSI, IMEI), Internal corporate files

Number of Records Exposed: 90,000 (GS Retail), 23,000,000 (SK Telecom), 20,000 (Albamon), 3,000,000 (Lotte Card), 5,500 (KT)

Sensitivity of Data: High (PII, financial, diplomatic); Medium (resumes, subscriber data)

Data Exfiltration: Yes (GS Retail, Lotte Card, Welrix F&I); Likely (SK Telecom, KT)

File Types Exposed: Databases; PDFs (resumes); Emails; Transaction logs; Internal documents

Personally Identifiable Information: Names; Birth dates; Addresses; Phone numbers; Email addresses; IMSI/IMEI

Incident : Data Breach SK-5462054101625

Type of Data Compromised: Universal Subscriber Identity Module (USIM) data (SK Telecom), International Mobile Subscriber Identity (IMSI) (KT)

Number of Records Exposed: ~27 million (SK Telecom), ~5,561 (KT)

Sensitivity of Data: High (USIM/IMSI data can enable identity theft, SIM swapping, and unauthorized access)

Data Exfiltration: Confirmed (SK Telecom USIM data); Confirmed (KT IMSI data via illegal base stations)

Personally Identifiable Information: USIM data (includes subscriber identities); IMSI (unique identifier for mobile users)

Incident : Data Breach SK-5832258103125

Type of Data Compromised: Personal data

Number of Records Exposed: 23 million+

Sensitivity of Data: High (personally identifiable information)

Data Exfiltration: Yes

Personally Identifiable Information: Yes

Incident : data breach SK-5102251110425

Type of Data Compromised: Subscriber identity numbers, Authentication keys, Network activity logs, SIM-stored text messages

Number of Records Exposed: 27 million

Sensitivity of Data: high (includes authentication credentials and identity data)

Incident : Data Breach SK-4732347112025

What measures does the company take to prevent data exfiltration?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Strengthened security measures to prevent unauthorized number porting actions, company pledged to make personal data protection a core value, improved oversight ordered by PIPC, Implementation of zero-trust architecture, Expansion of encryption, Formation of a red team, Elevation of CISO role to report directly to CEO, Addition of cybersecurity experts to the board, Free USIM card replacements for customers, 50% discount on August subscription fees, Waiver of early contract termination fees, Customer notifications (GS Retail, Albamon), Credit monitoring offers (Lotte Card), Patch management (where applicable), cybersecurity system overhaul (regulator-mandated), replacement of compromised SIM cards, Proactive compensation measures and efforts to prevent recurrence.

How does the company handle incidents involving personally identifiable information (PII)?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through the following measures: isolated equipment suspected of being hacked; issued SIM replacements for all subscribers; server inspections (42,000+ for SK Telecom); identification of 28 infected servers (SK Telecom); SIM card replacements (SK Telecom); system isolations (SGI, Yes24); network segmentation (KT); dark web monitoring (Welrix F&I); SK Telecom: 5 trillion won compensation package (50% discount on mobile rates, extra 50GB data, expanded partnership discounts); KT: investigation and shutdown of illegal base stations (24 confirmed); suspended new subscriptions for 2 months; SIM card replacements for affected users.

Ransomware Information

Was ransomware involved in any of the incidents?

Incident : data breach SK-905083025

Data Exfiltration: True

Incident : Data Breach SK-2162921092525

Data Exfiltration: Yes (SK Telecom, 10+ GB)

Incident : Data Breach SK-1802718100125

Ransom Demanded: Yes (Yes24, SGI, Welrix F&I); Amounts undisclosed

Data Encryption: Yes (core systems disrupted)

Data Exfiltration: Yes (Welrix F&I: 1TB+ leaked on dark web)

How does the company recover data encrypted by ransomware?

Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Information Security Innovation Plan, Service restoration (Yes24, SGI), Fraudulent transaction reversals (KT), Diplomatic cybersecurity advisories (embassies), 500-billion-won ($349 million) customer appreciation package (rate discounts, free data, vouchers), waived contract termination fees, 50% mobile fee discount.

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident?

Incident : data breach SK-633082925

Regulations Violated: Personal Information Protection Act (South Korea), timely breach reporting requirements

Fines Imposed: 134.8 billion won ($97 million)

Legal Actions: PIPC investigation, regulatory orders for improved oversight

Regulatory Notifications: PIPC public disclosure; Ministry of Science and ICT recommendations

Incident : data breach SK-905083025

Regulations Violated: Personal Information Protection Act (South Korea)

Fines Imposed: $96.53 million (134 billion won)

Regulatory Notifications: Delayed notification to customers

Incident : Data Breach SK-3932739091625

Regulatory Notifications: Ministry of Science and ICT investigating SK Telecom; KT reporting to authorities

Incident : Data Breach SK-2162921092525

Regulatory Notifications: Yes (MSIT investigations, public disclosures)

Incident : Data Breach SK-1802718100125

Regulations Violated: Potential violations of South Korea’s Personal Information Protection Act (PIPA), Financial sector regulations

Legal Actions: Investigations ongoing (e.g., Lotte Card, SK Telecom)

Regulatory Notifications: Delayed in some cases; New legal powers proposed (September 2025)

Incident : Data Breach SK-5462054101625

Regulations Violated: Personal Information Protection Act (South Korea) - SK Telecom fined for neglecting safety measures and delayed user notification

Fines Imposed: 134.8 billion won (SK Telecom)

Regulatory Notifications: Personal Information Protection Commission (SK Telecom)

Incident : Data Breach SK-5832258103125

Fines Imposed: Record privacy fine (amount unspecified)

Incident : data breach SK-5102251110425

Fines Imposed: 134 billion won ($96.5 million)

Legal Actions: mandated cybersecurity overhaul, regulatory investigation

Incident : Data Breach SK-4732347112025

Legal Actions: Potential lawsuits by affected subscribers

Regulatory Notifications: Personal Information Dispute Mediation Committee involved

Incident : Data Breach SK-0534105112425

Regulations Violated: South Korea's Personal Information Protection Act (or equivalent)

Fines Imposed: 134.8 billion won ($91.4 million)

Legal Actions: Source: MLex Insight, Date Accessed: November 24, 2025

Regulatory Notifications: Regulator: Personal Information Protection Commission (PIPC), Decision Date: August 28, 2025, Formal Notice Date: late October 2025

How does the company ensure compliance with regulatory requirements?

Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through PIPC investigation, regulatory orders for improved oversight, Investigations ongoing (e.g., Lotte Card, SK Telecom), mandated cybersecurity overhaul, regulatory investigation, Potential lawsuits by affected subscribers, appeal status: under review (deadline: late January 2026), appeal intent: leaning toward appealing.

Lessons Learned and Recommendations

What lessons were learned from each incident?

Incident : data breach SK-633082925

Lessons Learned: Prolonged systemic vulnerabilities can lead to catastrophic breaches with national security implications. Timely reporting and proactive remediation of security weaknesses are critical to mitigating risks. Telecom operators must prioritize data protection as a core business value to prevent regulatory and reputational damage.

Incident : data breach SK-905083025

Lessons Learned: Critical importance of basic security measures (e.g., passwords, patches), Need for proactive monitoring to detect long-term intrusions, Significance of timely customer notification in breach scenarios, Governance and security culture must be prioritized at the executive level

Incident : Data Breach SK-1802718100125

Lessons Learned: Fragmented government response exacerbates cyber risks. Lack of a centralized 'first responder' agency delays containment. Skilled cybersecurity workforce shortage hinders proactive defenses. Reactive measures (e.g., SIM replacements) are costly and insufficient. AI-generated deepfakes pose emerging threats for espionage/phishing. Cross-ministerial coordination is critical for national cyber resilience.

Incident : Data Breach SK-5462054101625

Lessons Learned: Importance of timely incident disclosure to users and regulators, Need for robust security measures for subscriber identity data (USIM/IMSI), Vulnerabilities in mobile payment verification systems can lead to large-scale fraud, Compensation programs can mitigate customer churn but may not fully restore reputation

Incident : data breach SK-5102251110425

Lessons Learned: Proactive detection of malware is critical to prevent long-term undetected breaches. Regular cybersecurity audits and vulnerability assessments are essential for large-scale infrastructure. Customer trust recovery requires significant financial investment and transparency. Regulatory compliance and fines can compound financial losses post-breach.

What recommendations were made to prevent future incidents?

Incident : data breach SK-633082925

Recommendations: Implement robust, continuous monitoring for data protection gaps. Enhance incident response protocols to ensure timely breach reporting. Adopt unified national cybersecurity frameworks (e.g., proposed National Cybersecurity Act) to improve emergency response and intelligence sharing. Conduct regular third-party audits to identify and address vulnerabilities proactively.

Incident : data breach SK-905083025

Recommendations: Adopt zero-trust architecture enterprise-wide, Regularly audit and update security patches, Implement multi-factor authentication (MFA) for critical systems, Enhance intrusion detection and response capabilities, Conduct third-party security assessments, Establish clearer incident response protocols for timely disclosure

Incident : Data Breach SK-1802718100125

Recommendations: Establish a central cybersecurity authority with technical and strategic oversight. Mandate real-time breach reporting (even without company disclosures). Invest in workforce development (e.g., cybersecurity training programs). Implement hybrid model: central strategy + independent agency execution (e.g., KISA). Enhance public-private collaboration for threat intelligence sharing. Prioritize proactive defenses (e.g., AI-driven anomaly detection, zero-trust architecture). Conduct regular red-team exercises for critical infrastructure.

Incident : Data Breach SK-5462054101625

Recommendations: Enhance encryption and access controls for USIM/IMSI data; Implement multi-factor authentication for mobile payments; Strengthen monitoring for illegal base stations and SIM swapping attempts; Proactive communication with customers and regulators during incidents; Regular security audits for telecom infrastructure.

Incident : data breach SK-5102251110425

Recommendations: Implement advanced threat detection systems to identify malware early; Conduct regular third-party cybersecurity audits to identify vulnerabilities; Enhance employee training on cybersecurity best practices and incident response; Develop a robust communication plan for customer and stakeholder notifications during breaches; Invest in proactive measures like network segmentation and behavioral analysis to prevent future intrusions.

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are:
  • Prolonged systemic vulnerabilities can lead to catastrophic breaches with national security implications.
  • Timely reporting and proactive remediation of security weaknesses are critical to mitigating risks.
  • Telecom operators must prioritize data protection as a core business value to prevent regulatory and reputational damage.
  • Critical importance of basic security measures (e.g., passwords, patches).
  • Need for proactive monitoring to detect long-term intrusions.
  • Significance of timely customer notification in breach scenarios.
  • Governance and security culture must be prioritized at the executive level.
  • Fragmented government response exacerbates cyber risks.
  • Lack of a centralized 'first responder' agency delays containment.
  • Skilled cybersecurity workforce shortage hinders proactive defenses.
  • Reactive measures (e.g., SIM replacements) are costly and insufficient.
  • AI-generated deepfakes pose emerging threats for espionage/phishing.
  • Cross-ministerial coordination is critical for national cyber resilience.
  • Importance of timely incident disclosure to users and regulators.
  • Need for robust security measures for subscriber identity data (USIM/IMSI).
  • Vulnerabilities in mobile payment verification systems can lead to large-scale fraud.
  • Compensation programs can mitigate customer churn but may not fully restore reputation.
  • Proactive detection of malware is critical to prevent long-term undetected breaches.
  • Regular cybersecurity audits and vulnerability assessments are essential for large-scale infrastructure.
  • Customer trust recovery requires significant financial investment and transparency.
  • Regulatory compliance and fines can compound financial losses post-breach.

References

Where can I find more information about each incident ?

Incident : Data Breach SK-524052025

Source: @mstoned7

Incident : data breach SK-633082925

Source: Bloomberg

Incident : data breach SK-633082925

Source: Personal Information Protection Commission (PIPC) of South Korea

Incident : data breach SK-633082925

Source: Ministry of Science and ICT (South Korea)

Incident : data breach SK-633082925

Source: Statement by Lawmaker Yu Yong Weon (National Cybersecurity Act proposal)

Incident : data breach SK-905083025

Source: Reuters

Incident : Data Breach SK-3932739091625

Source: The Korea Herald (or original article source)

Date Accessed: 2024-05-28

Incident : GPS jamming SK-422092125

Source: General cybersecurity and geopolitical reports (2016)

Incident : Data Breach SK-2162921092525

Source: Ministry of Science and Information and Communication Technology (MSIT), South Korea

Date Accessed: 2025-09-16

Incident : Data Breach SK-2162921092525

Source: Stars and Stripes

Date Accessed: 2025-09-23

Incident : Data Breach SK-2162921092525

Source: U.S. Federal Communications Commission (FCC)

Incident : Data Breach SK-1802718100125

Source: TechCrunch

URL: https://techcrunch.com

Date Accessed: 2025-09-15

Incident : Data Breach SK-1802718100125

Source: Trellix Threat Report (Kimsuky Campaign)

URL: https://www.trellix.com

Date Accessed: 2025-09-10

Incident : Data Breach SK-1802718100125

Source: Genians Security Center (Deepfake Phishing)

URL: https://www.genians.com

Date Accessed: 2025-09-05

Incident : Data Breach SK-1802718100125

Source: South Korean Ministry of Science and ICT

URL: https://www.msit.go.kr

Date Accessed: 2025-09-20

Incident : Data Breach SK-5462054101625

Source: FnGuide (financial data provider)

Incident : Data Breach SK-5462054101625

Source: Government-private joint investigation team report (KT mobile payment fraud)

Incident : Data Breach SK-5462054101625

Source: Personal Information Protection Commission (SK Telecom fine)

Incident : Data Breach SK-5832258103125

Source: MLex Insight

Date Accessed: 2025-10-31

Incident : data breach SK-5102251110425

Source: SK Telecom Earnings Report (Q3 2024)

Incident : data breach SK-5102251110425

Source: Local media reports (South Korea)

Incident : data breach SK-5102251110425

Source: Regulatory fine announcement (South Korean authorities)

Incident : Data Breach SK-4732347112025

Source: Korea JoongAng Daily

Incident : Data Breach SK-0534105112425

Source: MLex Insight

Date Accessed: November 24, 2025

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the following sources: @mstoned7; Bloomberg; Personal Information Protection Commission (PIPC) of South Korea; Ministry of Science and ICT (South Korea); Statement by Lawmaker Yu Yong Weon (National Cybersecurity Act proposal); Reuters; The Korea Herald (or original article source), accessed 2024-05-28; General cybersecurity and geopolitical reports (2016); Ministry of Science and Information and Communication Technology (MSIT), South Korea, accessed 2025-09-16; Stars and Stripes, accessed 2025-09-23; U.S. Federal Communications Commission (FCC); TechCrunch, https://techcrunch.com, accessed 2025-09-15; Trellix Threat Report (Kimsuky Campaign), https://www.trellix.com, accessed 2025-09-10; Genians Security Center (Deepfake Phishing), https://www.genians.com, accessed 2025-09-05; South Korean Ministry of Science and ICT, https://www.msit.go.kr, accessed 2025-09-20; FnGuide (financial data provider); Government-private joint investigation team report (KT mobile payment fraud); Personal Information Protection Commission (SK Telecom fine); MLex Insight, accessed 2025-10-31; SK Telecom Earnings Report (Q3 2024); Local media reports (South Korea); Regulatory fine announcement (South Korean authorities); Korea JoongAng Daily; MLex Insight, accessed November 24, 2025.

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Data Breach SK-524052025

Investigation Status: Ongoing

Incident : data breach SK-633082925

Investigation Status: Completed (PIPC and Ministry of Science and ICT investigations concluded)

Incident : data breach SK-905083025

Investigation Status: Completed (regulatory fine issued; remediation ongoing)

Incident : Data Breach SK-3932739091625

Investigation Status: Ongoing (Ministry of Science and ICT leading investigations for both incidents)

Incident : Data Breach SK-2162921092525

Investigation Status: Ongoing (MSIT-led joint investigation for KT Corp.; probes for SK Telecom and LG Uplus)

Incident : Data Breach SK-1802718100125

Investigation Status: Ongoing (multiple agencies); Interagency plan announced (September 2025)

Incident : Data Breach SK-5462054101625

Investigation Status: Ongoing (KT mobile payment fraud - additional illegal base stations discovered); Completed (SK Telecom USIM leak - regulatory fine imposed)

Incident : data breach SK-5102251110425

Investigation Status: Ongoing (regulator-mandated overhaul in progress)

Incident : Data Breach SK-4732347112025

Investigation Status: Ongoing dispute; affected subscribers may file lawsuits

Incident : Data Breach SK-0534105112425

Investigation Status: Regulatory review ongoing (appeal period until late January 2026)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through: notified customers of the breach; public statement expressing regret; acknowledgment of regulatory findings; public acknowledgment of responsibility; customer notifications (delayed); offers for free USIM replacements and subscription discounts; SK Telecom: public denial of breach, transparency pledge; KT: public apology, ongoing updates; public warning issued by South Korea (2016-04-01); public advisories (MSIT news releases on 2025-09-09 and 2025-09-16); U.S. Forces Korea advisory (April 2025, SK Telecom only); delayed disclosures (Wemix: 5-day delay); public statements (SK Telecom, Lotte Card); Presidential Office announcements (September 2025); SK Telecom: public disclosure of compensation program; KT: confirmation of fraud victims and losses; public disclosure in April 2024; shareholder notification; customer advisories (SIM replacements, discounts); and public statement rejecting the mediation committee's proposal.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : data breach SK-633082925

Stakeholder Advisories: PIPC ordered SK Telecom to improve oversight and data protection practices; Ministry of Science and ICT recommended waiving penalties for customers leaving the network.

Incident : data breach SK-905083025

Customer Advisories: Free USIM card replacements; 50% discount on August subscription fees; Waiver of early contract termination fees

Incident : Data Breach SK-3932739091625

Stakeholder Advisories: SK Telecom: Reassuring Users, Denying Breach Claims; KT: Apology Issued, Monitoring For Further Fraud.

Customer Advisories: KT users advised to monitor accounts for unauthorized transactions; General anxiety among telecom users in South Korea

Incident : GPS jamming SK-422092125

Stakeholder Advisories: South Korean Government Warning To North Korea (2016-04-01).

Incident : Data Breach SK-2162921092525

Stakeholder Advisories: U.S. Forces Korea Advisory (April 2025, SK Telecom); MSIT Public Releases (2025-09-09 and 2025-09-16).

Incident : Data Breach SK-1802718100125

Stakeholder Advisories: Presidential Office: Cross-Ministerial Cyber Defense Initiative (September 2025); KISA: Enhanced Monitoring For Critical Infrastructure; Financial Supervisory Service: Audits For Lotte Card, Welrix F&I.

Customer Advisories: SK Telecom: Free SIM card replacements for 23M customers. Lotte Card: Credit monitoring services for affected customers. Yes24: Service restoration updates and compensation offers. GS Retail/Albamon: Identity theft protection recommendations.

Incident : Data Breach SK-5462054101625

Customer Advisories: SK Telecom: 50% discount on mobile rates, extra 50GB data, expanded partnership discounts; KT: Notification to 362 confirmed fraud victims

Incident : data breach SK-5102251110425

Stakeholder Advisories: Shareholder Notification On Financial Impact (Q3 2024 Earnings Report), Public Disclosure Of Breach Details (April 2024).

Customer Advisories: SIM card replacement program; 50% mobile fee discount; waived contract termination fees; free data and vouchers as part of 500-billion-won package

Incident : Data Breach SK-4732347112025

Stakeholder Advisories: SKT statement on rejection of mediation proposal

Customer Advisories: Subscribers notified of need to pursue legal action for compensation

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: PIPC ordered SK Telecom to improve oversight and data protection practices; Ministry of Science and ICT recommended waiving penalties for customers leaving the network; free USIM card replacements; 50% discount on August subscription fees; waiver of early contract termination fees; SK Telecom: reassuring users, denying breach claims; KT: apology issued, monitoring for further fraud; KT users advised to monitor accounts for unauthorized transactions; general anxiety among telecom users in South Korea; South Korean government warning to North Korea (2016-04-01); U.S. Forces Korea advisory (April 2025, SK Telecom); MSIT public releases (2025-09-09 and 2025-09-16); Presidential Office: cross-ministerial cyber defense initiative (September 2025); KISA: enhanced monitoring for critical infrastructure; Financial Supervisory Service: audits for Lotte Card, Welrix F&I; SK Telecom: free SIM card replacements for 23M customers; Lotte Card: credit monitoring services for affected customers; Yes24: service restoration updates and compensation offers; GS Retail/Albamon: identity theft protection recommendations; SK Telecom: 50% discount on mobile rates, extra 50GB data, expanded partnership discounts; KT: notification to 362 confirmed fraud victims; shareholder notification on financial impact (Q3 2024 earnings report); public disclosure of breach details (April 2024); SIM card replacement program; 50% mobile fee discount; waived contract termination fees; free data and vouchers as part of 500-billion-won package; SKT statement on rejection of mediation proposal; and subscribers notified of need to pursue legal action for compensation.

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Data Breach SK-524052025

Entry Point: Web shell infection

Reconnaissance Period: June 15, 2022

Incident : data breach SK-633082925

High Value Targets: Call Data Records (Potential Exposure Of Government Communications)

Data Sold on Dark Web: Call Data Records (Potential Exposure Of Government Communications)

Incident : data breach SK-905083025

Entry Point: Unsecured Intranet, Outdated Servers

Reconnaissance Period: Potentially from August 2021 to April 2025 (nearly 4 years)

High Value Targets: Home Subscriber Server (HSS), Subscriber Authentication Data

Data Sold on Dark Web: Home Subscriber Server (HSS), Subscriber Authentication Data

Incident : Data Breach SK-3932739091625

Entry Point: SK Telecom: Unverified (Claimed By Scattered Lapsus$); KT: Rogue Cellular Base Stations Intercepting Payment Verifications

High Value Targets: SK Telecom: Customer Database (Claimed); KT: Mobile Payment Verification System

Data Sold on Dark Web: SK Telecom: Customer Database (Claimed); KT: Mobile Payment Verification System

Incident : GPS jamming SK-422092125

Entry Point: Radio Frequency Jamming From North Korean Regions (Haeju, Yonan, Pyongyang, Kumgang, Kaesong)

High Value Targets: GPS-Dependent Navigation Systems, Telecommunications Infrastructure

Data Sold on Dark Web: GPS-Dependent Navigation Systems, Telecommunications Infrastructure

Incident : Data Breach SK-2162921092525

Backdoors Established: Yes (28 servers infected with advanced hacking tools at SK Telecom)

High Value Targets: Potential (U.S. military customers)

Data Sold on Dark Web: Potential (U.S. military customers)

Incident : Data Breach SK-1802718100125

Entry Point: Compromised Websites (GS Retail), Phishing Emails (Kimsuky), Fake Base Stations (KT), Exploited Vulnerabilities (Yes24, SGI)

Reconnaissance Period: Months (Kimsuky embassy espionage); Weeks (Lotte Card: 17 days undetected)

Backdoors Established: Likely (Welrix F&I, KT)

High Value Targets: Financial Data (Lotte Card, Welrix F&I), Diplomatic Communications (Embassies), Military/Defense Institutions

Data Sold on Dark Web: Financial Data (Lotte Card, Welrix F&I), Diplomatic Communications (Embassies), Military/Defense Institutions

Incident : Data Breach SK-5462054101625

Entry Point: Unknown (SK Telecom USIM Leak), Illegal Base Stations Intercepting Verification Codes (KT)

High Value Targets: USIM Data (SK Telecom), Mobile Payment Verification Codes (KT)

Data Sold on Dark Web: USIM Data (SK Telecom), Mobile Payment Verification Codes (KT)

Incident : data breach SK-5102251110425

Reconnaissance Period: nearly 3 years (2022–2024)

High Value Targets: Subscriber Identity Data, Authentication Keys, Network Logs

Data Sold on Dark Web: Subscriber Identity Data, Authentication Keys, Network Logs

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Data Breach SK-524052025

Corrective Actions: Issued SIM Replacements, Strengthened Security Measures, Started Logging Activity On Impacted Servers

Incident : data breach SK-633082925

Root Causes: Systemic Weaknesses In Data Protection Dating Back To 2022; Failure To Address Identified Vulnerabilities In A Timely Manner; Inadequate Oversight And Compliance With Breach Reporting Requirements.

Corrective Actions: Company Commitment To Prioritize Personal Data Protection; Regulatory-Mandated Improvements In Oversight And Security Practices; Potential Adoption Of Unified Cybersecurity Frameworks (e.g., National Cybersecurity Act).

Incident : data breach SK-905083025

Root Causes: Lack Of Basic Security Controls (e.g., Passwords, Patches); Outdated And Unpatched Operating Systems; Weak Intranet Security Allowing Lateral Movement; Delayed Detection Of Long-Term Intrusion; Inadequate Governance And Oversight Of Security Practices

Corrective Actions: Zero-Trust Architecture Implementation; Expanded Encryption; Red Team Exercises; CISO Reporting Directly To CEO; Board-Level Cybersecurity Expertise; Customer Compensation And Retention Measures

Incident : GPS jamming SK-422092125

Root Causes: Geopolitical Tensions, North Korean Electronic Warfare Capabilities

Incident : Data Breach SK-1802718100125

Root Causes: Lack Of Centralized Cybersecurity Governance; Silos Between Government Agencies (e.g., Ministry Of Science And ICT, KISA, National Security Office); Insufficient Investment In Proactive Defenses (e.g., Threat Hunting, Red Teaming); Delayed Breach Detection (e.g., Lotte Card: 17 Days); Over-Reliance On Reactive Measures (e.g., SIM Replacements); Skilled Workforce Shortage Due To Systemic Underinvestment; Political Deadlock Prioritizing Short-Term Fixes Over Long-Term Resilience.

Corrective Actions: Presidential Office-Led Interagency Cyber Defense Plan (September 2025); Proposed Legal Reforms To Enable Preemptive Government Probes; Increased Funding For KISA And Cybersecurity Workforce Development; Mandatory Breach Reporting Timelines; Public-Private Cybersecurity Task Forces (e.g., With SK Telecom, Theori); Pilot Programs For AI-Driven Threat Detection (e.g., Deepfake Phishing); Hybrid Governance Model: Central Strategy + Decentralized Execution.

Incident : Data Breach SK-5462054101625

Root Causes: SK Telecom: Neglect Of Safety Measures For USIM Data Storage And Delayed Incident Notification; KT: Inadequate Security For Mobile Payment Verification (Vulnerability To Illegal Base Station Spoofing)

Corrective Actions: SK Telecom: Compensation Program And Regulatory Compliance Improvements (Implied); KT: Shutdown Of Illegal Base Stations And Investigation Into Fraud Scheme

Incident : Data Breach SK-5832258103125

Corrective Actions: Leadership overhaul (appointment of Jeong Jae-heon as new CEO with legal background)

Incident : data breach SK-5102251110425

Root Causes: Failure To Detect 25 Types Of Malware For Nearly 3 Years; Inadequate Network Monitoring And Threat Detection; Lack Of Proactive Vulnerability Management

Corrective Actions: Mandated Cybersecurity Overhaul By Regulators; Implementation Of Customer Trust Recovery Measures (Discounts, SIM Replacements); Financial Restructuring (Dividend Suspension, Cost Management)

Incident : Data Breach SK-4732347112025

Corrective Actions: Proactive compensation measures and recurrence prevention efforts

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as: started logging activity on the impacted servers; cybersecurity firms (e.g., Theori, Genians), KISA (Korea Internet & Security Agency); KISA-led initiatives, embassy network traffic; government-private joint investigation team (KT mobile payment fraud).

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: issued SIM replacements; strengthened security measures; started logging activity on impacted servers; company commitment to prioritize personal data protection; regulatory-mandated improvements in oversight and security practices; potential adoption of unified cybersecurity frameworks (e.g., National Cybersecurity Act); zero-trust architecture implementation; expanded encryption; red team exercises; CISO reporting directly to CEO; board-level cybersecurity expertise; customer compensation and retention measures; Presidential Office-led interagency cyber defense plan (September 2025); proposed legal reforms to enable preemptive government probes; increased funding for KISA and cybersecurity workforce development; mandatory breach reporting timelines; public-private cybersecurity task forces (e.g., with SK Telecom, Theori); pilot programs for AI-driven threat detection (e.g., deepfake phishing); hybrid governance model: central strategy + decentralized execution; SK Telecom: compensation program and regulatory compliance improvements (implied); KT: shutdown of illegal base stations and investigation into fraud scheme; leadership overhaul (appointment of Jeong Jae-heon as new CEO with legal background); mandated cybersecurity overhaul by regulators; implementation of customer trust recovery measures (discounts, SIM replacements); financial restructuring (dividend suspension, cost management); proactive compensation measures and recurrence prevention efforts.

Additional Questions

General Information

What was the amount of the last ransom demanded ?

Last Ransom Demanded: The last ransom demand on record: Yes (Yes24, SGI, Welrix F&I); amounts undisclosed.

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking groups recorded for the last incidents were: Scattered Lapsus$ (claimed, unverified for SK Telecom); North Korean regime (attributed to Kim Jong-un); International Hacking Organization (alleged); Unknown (under investigation); Kimsuky (North Korea-linked); Russian-linked Hacking Group; Unidentified Hackers; Unknown (SK Telecom USIM leak); Two Chinese nationals (KT mobile payment fraud).

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2025-04-19.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-04-01.

What was the most recent incident resolved ?

Most Recent Incident Resolved: The resolution dates recorded for the most recent incidents are 2025-01-10, 2025-03-10, 2025-05-31, 2025-06-13, 2025-07-20, 2025-08-05, 2025-08-15 and 2025-09-15.

Impact of the Incidents

What was the highest financial loss from an incident ?

Highest Financial Loss: The highest financial loss from an incident was: operating profit drop of 90% (from 493 billion won to 48.4 billion won); recovery costs included in 500 billion won customer package; regulatory fine of 134 billion won ($96.5 million); revenue loss of 12.2% sales decline; dividend suspension in Q3 2024.

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were:
  • IMSI, USIM authentication keys, network usage data, SMS/contacts stored in the SIM
  • Customer data, call data records (potential exposure of call logs)
  • USIM authentication keys (KI), International Mobile Subscriber Identity (IMSI) numbers, IMEI device identifiers, phone numbers, email addresses, potentially other personal data
  • SK Telecom: Claimed: 27 million user records (100 GB sample offered for $10,000; includes user IDs, full names, phone numbers, emails, addresses, birthdates)
  • KT: 5,561 users' IMSI data potentially compromised
  • SIM Card Data (10+ GB from SK Telecom), Customer Identity/Financial Information (KT Micropayment Scam), Large-Scale Customer Data (LG Uplus, under investigation)
  • 90,000 customer records (GS Retail: names, birth dates, contact details, addresses, emails)
  • 23 million customer records (SK Telecom: personal data)
  • 20,000 resumes (Albamon: names, phone numbers, emails)
  • 200GB of data (Lotte Card: ~3 million customers)
  • 1TB+ internal files (Welrix F&I: sensitive customer data)
  • Subscriber data (KT: IMSI, IMEI, phone numbers, micro-payment fraud)
  • Diplomatic communications (19 embassies: espionage via fake emails)
  • USIM data of ~27 million users (SK Telecom), International Mobile Subscriber Identity (IMSI) of ~5,561 users (KT)
  • Personal data of over 23 million users
  • Records Exposed: 27 million customers; Data Types: subscriber identity numbers, authentication keys, network activity logs, SIM-stored text messages

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant systems affected in an incident were: 23 compromised servers; 30,000 Linux servers examined; Home Subscriber Server (HSS); critical infrastructure; intranet; GPS navigation systems; cell phone base stations; 42,000+ servers inspected (SK Telecom); 28 servers infected with advanced hacking tools (SK Telecom); GS Retail (website); Wemix (blockchain infrastructure); Albamon (job platform database); SK Telecom (customer data systems); Yes24 (ticketing/retail platform, twice); Seoul Guarantee Insurance (core systems: guarantees, verification); Lotte Card (credit/debit card systems); Welrix F&I (lending systems); KT (mobile network via fake base stations); South Korean military/defense institutions (deepfake phishing).

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was cybersecurity firms (e.g., Theori, Genians), KISA (Korea Internet & Security Agency), and a government-private joint investigation team (KT mobile payment fraud).

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were:
  • Isolated equipment suspected of being hacked
  • Issued SIM replacements for all subscribers
  • Server inspections (42,000+ for SK Telecom)
  • Identification of 28 infected servers (SK Telecom)
  • SIM card replacements (SK Telecom)
  • System isolations (SGI, Yes24)
  • Network segmentation (KT)
  • Dark web monitoring (Welrix F&I)
  • SK Telecom: 5 trillion won compensation package (50% discount on mobile rates, extra 50GB data, expanded partnership discounts)
  • KT: Investigation and shutdown of illegal base stations (24 confirmed) and suspended new subscriptions for 2 months
  • SIM card replacements for affected users

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were 90,000 customer records (GS Retail: names, birth dates, contact details, addresses, emails), call data records (potential exposure of call logs), network usage data, customer data, potentially other personal data, 23 million customer records (SK Telecom: personal data), SMS/contacts stored in the SIM, USIM authentication keys, International Mobile Subscriber Identity (IMSI) numbers, 200GB of data (Lotte Card: ~3 million customers), phone numbers, USIM data of ~27 million users (SK Telecom), Large-Scale Customer Data (LG Uplus, under investigation), USIM authentication keys (KI), 20,000 resumes (Albamon: names, phone numbers, emails), SIM Card Data (10+ GB from SK Telecom), 1TB+ internal files (Welrix F&I: sensitive customer data), Personal data of over 23 million users, IMEI device identifiers, Subscriber data (KT: IMSI, IMEI, phone numbers, micro-payment fraud), Customer Identity/Financial Information (KT Micropayment Scam), International Mobile Subscriber Identity (IMSI) of ~5,561 users (KT), Diplomatic communications (19 embassies: espionage via fake emails), IMSI and email addresses.

What was the number of records exposed in the most significant breach ?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 184.1M.

Ransomware Information

What was the highest ransom demanded in a ransomware incident ?

Highest Ransom Demanded: The highest ransom demanded in a ransomware incident was: Yes (Yes24, SGI, Welrix F&I); amounts undisclosed.

Regulatory Compliance

What was the highest fine imposed for a regulatory violation ?

Highest Fine Imposed: The highest fine imposed for a regulatory violation was 134.8 billion won ($97 million), $96.53 million (134 billion won), 134.8 billion won (SK Telecom), Record privacy fine (amount unspecified), 134 billion won ($96.5 million), 134.8 billion won ($91.4 million).

What was the most significant legal action taken for a regulatory violation ?

Most Significant Legal Action: The most significant legal action taken for a regulatory violation was PIPC investigation, regulatory orders for improved oversight, Investigations ongoing (e.g., Lotte Card, SK Telecom), mandated cybersecurity overhaul, regulatory investigation, Potential lawsuits by affected subscribers, appeal status: under review (deadline: late January 2026), appeal intent: leaning toward appealing.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Regulatory compliance and fines can compound financial losses post-breach.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were:
  • Enhance public-private collaboration for threat intelligence sharing.
  • Invest in proactive measures like network segmentation and behavioral analysis to prevent future intrusions.
  • Strengthen monitoring for illegal base stations and SIM swapping attempts.
  • Conduct regular third-party audits to identify and address vulnerabilities proactively.
  • Conduct regular red-team exercises for critical infrastructure.
  • Adopt zero-trust architecture enterprise-wide.
  • Enhance incident response protocols to ensure timely breach reporting.
  • Conduct third-party security assessments.
  • Prioritize proactive defenses (e.g., AI-driven anomaly detection, zero-trust architecture).
  • Enhance encryption and access controls for USIM/IMSI data.
  • Establish clearer incident response protocols for timely disclosure.
  • Enhance intrusion detection and response capabilities.
  • Enhance employee training on cybersecurity best practices and incident response.
  • Mandate real-time breach reporting (even without company disclosures).
  • Develop a robust communication plan for customer and stakeholder notifications during breaches.
  • Regular security audits for telecom infrastructure.
  • Implement multi-factor authentication for mobile payments.
  • Implement hybrid model: central strategy + independent agency execution (e.g., KISA).
  • Establish a central cybersecurity authority with technical and strategic oversight.
  • Proactive communication with customers and regulators during incidents.
  • Invest in workforce development (e.g., cybersecurity training programs).
  • Implement advanced threat detection systems to identify malware early.
  • Implement multi-factor authentication (MFA) for critical systems.
  • Adopt unified national cybersecurity frameworks (e.g., proposed National Cybersecurity Act) to improve emergency response and intelligence sharing.
  • Conduct regular third-party cybersecurity audits to identify vulnerabilities.
  • Regularly audit and update security patches.
  • Implement robust and continuous monitoring for data protection gaps.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are Personal Information Protection Commission (PIPC) of South Korea, Bloomberg, Regulatory fine announcement (South Korean authorities), U.S. Federal Communications Commission (FCC), Statement by Lawmaker Yu Yong Weon (National Cybersecurity Act proposal), @mstoned7, MLex Insight, Reuters, The Korea Herald (or original article source), Korea JoongAng Daily, General cybersecurity and geopolitical reports (2016), Local media reports (South Korea), Stars and Stripes, SK Telecom Earnings Report (Q3 2024), Trellix Threat Report (Kimsuky Campaign), Ministry of Science and Information and Communication Technology (MSIT), South Korea, TechCrunch, Government-private joint investigation team report (KT mobile payment fraud), Personal Information Protection Commission (SK Telecom fine), South Korean Ministry of Science and ICT, Ministry of Science and ICT (South Korea), Genians Security Center (Deepfake Phishing) and FnGuide (financial data provider).

What is the most recent URL for additional resources on cybersecurity best practices ?

Most Recent URL for Additional Resources: The most recent URLs for additional resources on cybersecurity best practices are https://techcrunch.com, https://www.trellix.com, https://www.genians.com, https://www.msit.go.kr.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisories issued were:
  • PIPC ordered SK Telecom to improve oversight and data protection practices.
  • Ministry of Science and ICT recommended waiving penalties for customers leaving the network.
  • SK Telecom: Reassuring users, denying breach claims
  • KT: Apology issued, monitoring for further fraud
  • South Korean government warning to North Korea (2016-04-01)
  • U.S. Forces Korea advisory (April 2025, SK Telecom)
  • MSIT public releases (2025-09-09 and 2025-09-16)
  • Presidential Office: Cross-ministerial cyber defense initiative (September 2025).
  • KISA: Enhanced monitoring for critical infrastructure.
  • Financial Supervisory Service: Audits for Lotte Card, Welrix F&I.
  • Shareholder notification on financial impact (Q3 2024 earnings report)
  • Public disclosure of breach details (April 2024)
  • SKT statement on rejection of mediation proposal

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisories issued were:
  • Free USIM card replacements
  • 50% discount on August subscription fees
  • Waiver of early contract termination fees
  • KT users advised to monitor accounts for unauthorized transactions
  • General anxiety among telecom users in South Korea
  • SK Telecom: Free SIM card replacements for 23M customers.
  • Lotte Card: Credit monitoring services for affected customers.
  • Yes24: Service restoration updates and compensation offers.
  • GS Retail/Albamon: Identity theft protection recommendations.
  • SK Telecom: 50% discount on mobile rates, extra 50GB data, expanded partnership discounts
  • KT: Notification to 362 confirmed fraud victims
  • SIM card replacement program
  • 50% mobile fee discount
  • waived contract termination fees
  • free data and vouchers as part of 500-billion-won package
  • Subscribers notified of need to pursue legal action for compensation

Initial Access Broker

What was the most recent entry point used by an initial access broker ?

Most Recent Entry Point: The most recent entry point used by an initial access broker was a web shell infection.

What was the most recent reconnaissance period for an incident ?

Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was June 15, 2022; Potentially from August 2021 to April 2025 (nearly 4 years); Months (Kimsuky embassy espionage); Weeks (Lotte Card: 17 days undetected); nearly 3 years (2022–2024).

Post-Incident Analysis

What was the most significant root cause identified in post-incident analysis ?

Most Significant Root Cause: The most significant root causes identified in post-incident analysis were:
  • Systemic weaknesses in data protection dating back to 2022.
  • Failure to address identified vulnerabilities in a timely manner.
  • Inadequate oversight and compliance with breach reporting requirements.
  • Lack of basic security controls (e.g., passwords, patches)
  • Outdated and unpatched operating systems
  • Weak intranet security allowing lateral movement
  • Delayed detection of long-term intrusion
  • Inadequate governance and oversight of security practices
  • Geopolitical tensions
  • North Korean electronic warfare capabilities
  • Lack of centralized cybersecurity governance.
  • Silos between government agencies (e.g., Ministry of Science and ICT, KISA, National Security Office).
  • Insufficient investment in proactive defenses (e.g., threat hunting, red teaming).
  • Delayed breach detection (e.g., Lotte Card: 17 days).
  • Over-reliance on reactive measures (e.g., SIM replacements).
  • Skilled workforce shortage due to systemic underinvestment.
  • Political deadlock prioritizing short-term fixes over long-term resilience.
  • SK Telecom: Neglect of safety measures for USIM data storage and delayed incident notification
  • KT: Inadequate security for mobile payment verification (vulnerability to illegal base station spoofing)
  • Failure to detect 25 types of malware for nearly 3 years
  • Inadequate network monitoring and threat detection
  • Lack of proactive vulnerability management.

What was the most significant corrective action taken based on post-incident analysis ?

Most Significant Corrective Action: The most significant corrective actions taken based on post-incident analysis were:
  • Issued SIM replacements
  • Strengthened security measures
  • Started logging activity on impacted servers
  • Company commitment to prioritize personal data protection.
  • Regulatory-mandated improvements in oversight and security practices.
  • Potential adoption of unified cybersecurity frameworks (e.g., National Cybersecurity Act).
  • Zero-trust architecture implementation
  • Expanded encryption
  • Red team exercises
  • CISO reporting directly to CEO
  • Board-level cybersecurity expertise
  • Customer compensation and retention measures
  • Presidential Office-led interagency cyber defense plan (September 2025).
  • Proposed legal reforms to enable preemptive government probes.
  • Increased funding for KISA and cybersecurity workforce development.
  • Mandatory breach reporting timelines.
  • Public-private cybersecurity task forces (e.g., with SK Telecom, Theori).
  • Pilot programs for AI-driven threat detection (e.g., deepfake phishing).
  • Hybrid governance model: central strategy + decentralized execution.
  • SK Telecom: Compensation program and regulatory compliance improvements (implied)
  • KT: Shutdown of illegal base stations and investigation into fraud scheme
  • Leadership overhaul (appointment of Jeong Jae-heon as new CEO with legal background)
  • Mandated cybersecurity overhaul by regulators
  • Implementation of customer trust recovery measures (discounts, SIM replacements)
  • Financial restructuring (dividend suspension, cost management)
  • Proactive compensation measures and recurrence prevention efforts.

Latest Global CVEs (Not Company-Specific)

Description

MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, a security issue exists in the exec_in_pod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string format is provided, it is passed directly to shell interpretation (sh -c) without input validation, allowing shell metacharacters to be interpreted. This vulnerability can be exploited through direct command injection or indirect prompt injection attacks, where AI agents may execute commands without explicit user intent. This vulnerability is fixed in 2.9.8.

Risk Information
cvss3
Base: 6.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Description

XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted body of a POST request.

Description

An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass.

Description

Cal.com is open-source scheduling software. Prior to 5.9.8, a flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in the authentication flow. This vulnerability is fixed in 5.9.8.

Risk Information
cvss4
Base: 9.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker-controlled floating-point number into the toFixed() function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: NativeNumber.numTo > DToA.JS_dtostr > DToA.JS_dtoa > DToA.pow5mult where pow5mult attempts to raise 5 to a ridiculous power. This vulnerability is fixed in 1.8.1, 1.7.15.1, and 1.7.14.1.

Risk Information
cvss4
Base: 5.5
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=sk-telecom' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.