SK Telecom Company CyberSecurity Posture

sktelecom.com
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

SK Telecom has been leading the growth of the mobile industry since 1984. Now, we are taking customer experience to new heights by extending beyond connectivity. By placing AI at the core of its business, we are rapidly transforming into an AI company. We are focusing on driving innovations in areas of telecommunications, media, AI, metaverse, cloud and connected intelligence to deliver greater value for both individuals and enterprises. Our News: https://www.sktelecom.com/en/press/press.do e-Brochure: www.sktelecom.com/en/brochure

SK Telecom A.I CyberSecurity Scoring

SK Telecom

Company Details

Linkedin ID:

sk-telecom

Website:

http://www.sktelecom.com/en

Employees number:

7,230

Number of followers:

47,947

NAICS:

517

Industry Type:

Telecommunications

Homepage:

sktelecom.com

IP Addresses:

Scan still pending

Company ID:

SK _4733172

Scan Status:

In-progress

AI scoreSK Telecom Risk Score (AI oriented)

Between 0 and 549

https://images.rankiteo.com/companyimages/sk-telecom.jpeg
SK Telecom Telecommunications
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
globalscoreSK Telecom Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/sk-telecom.jpeg
SK Telecom Telecommunications
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

SK Telecom

Critical
Current Score
198
C (Critical)
01000
12 incidents
-107.2 avg impact

Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.

DECEMBER 2025
199
NOVEMBER 2025
252
Breach
20 Nov 2025 • SK Telecom (SKT)
SK Telecom Data Breach and Compensation Dispute

SK Telecom (SKT), a major South Korean telecom provider, faced a **data breach** affecting **3,998 subscribers**, whose personal information was compromised. The **Personal Information Dispute Mediation Committee** proposed compensating each victim with **300,000 won (~$200)**, but SKT rejected the settlement, citing its existing **proactive compensation measures** and efforts to prevent recurrence. The rejection forces affected subscribers to pursue legal action for damages. The breach exposed customer data, damaging trust and potentially leading to financial or reputational harm. SKT emphasized its commitment to regaining customer confidence and mitigating further risks, though the incident highlights vulnerabilities in its data protection framework. The dispute remains unresolved, with victims left to seek redress through courts.

194
critical -58
SK-4732347112025
Incident Details -
Type
Data Breach
Response
Remediation Measures: Proactive compensation measures and efforts to prevent recurrence Communication Strategy: Public statement rejecting the mediation committee's proposal
Regulatory Compliance
Legal Actions: Potential lawsuits by affected subscribers Regulatory Notifications: Personal Information Dispute Mediation Committee involved
Investigation Status
Ongoing dispute; affected subscribers may file lawsuits
Customer Advisories
Subscribers notified of need to pursue legal action for compensation
Stakeholder Advisories
SKT statement on rejection of mediation proposal
Post Incident Analysis
Corrective Actions: Proactive compensation measures and recurrence prevention efforts
References
Blog URL Source URL
NOVEMBER 2025
334
Breach
31 Oct 2025 • SK Telecom
SK Telecom Massive Data Breach Leading to Financial Decline and Leadership Overhaul

SK Telecom, a leading South Korean telecom provider, suffered a catastrophic data breach exposing the personal information of over **23 million users**, triggering severe financial and operational repercussions. The incident led to a **90.9% plunge in operating profit** and a **12.2% revenue decline** in Q3, alongside a **record privacy fine** imposed by regulators. The breach’s fallout extended to corporate governance, forcing a **leadership overhaul**—including the appointment of **Jeong Jae-heon**, the company’s first CEO with a legal background, as part of crisis management efforts. The exposed data scale and regulatory penalties underscore systemic vulnerabilities in the company’s cybersecurity framework, eroding stakeholder trust and prompting urgent structural reforms to mitigate long-term reputational and financial damage.

246
critical -88
SK-5832258103125
Incident Details -
Type
Data Breach
Impact
Operating Profit Decline: 90.9% Revenue Decline: 12.2% Privacy Fine: record Data Compromised: Personal data of over 23 million users Operational Impact: Significant (leadership overhaul, CEO replacement) Revenue Loss: 12.2% decline in third-quarter revenue Brand Reputation Impact: Severe (triggered leadership change and regulatory scrutiny) Legal Liabilities: Record privacy fine Identity Theft Risk: High (personal data of 23M+ users exposed)
Data Breach
Type Of Data Compromised: Personal data Number Of Records Exposed: 23 million+ Sensitivity Of Data: High (personally identifiable information) Data Exfiltration: Yes Personally Identifiable Information: Yes
Regulatory Compliance
Fines Imposed: Record privacy fine (amount unspecified)
Post Incident Analysis
Corrective Actions: Leadership overhaul (appointment of Jeong Jae-heon as new CEO with legal background)
References
Blog URL Source URL
OCTOBER 2025
509
Breach
16 Oct 2025 • SK Telecom
SK Telecom USIM Data Breach and KT Mobile Payment Fraud Incidents

SK Telecom faced a catastrophic **USIM (Universal Subscriber Identity Module) data breach** affecting **27 million users**, leading to its first projected quarterly loss since earnings reporting began. The incident triggered a **1 trillion won (~$705M) compensation program**, including 50% mobile rate discounts, extra data, and expanded partnerships, alongside a **134.8 billion won regulatory fine**—the largest-ever penalty by South Korea’s Personal Information Protection Commission—for negligence and delayed user notifications. The breach caused mass **customer defection** to competitors (e.g., KT gained 280,000 subscribers), while SK Telecom’s Q3 operating profit plummeted **91.8% year-on-year** to 43.7 billion won, with a consolidated operating loss of **27.4 billion won**. The financial and reputational damage extended to weakened Q4 outlook, compounded by regulatory scrutiny and eroded trust in data security.

330
critical -179
SK-5462054101625
Incident Details -
Type
Data Breach Fraud Unauthorized Access
Attack Vector
Negligence in safety measures (SK Telecom) Illegal base stations intercepting verification codes (KT) Delay in notifying users (SK Telecom)
Vulnerability Exploited
Lack of adequate security measures for USIM data (SK Telecom) Weakness in mobile payment verification system (KT)
Motivation
Financial Gain Fraud
Impact
1 trillion won (SK Telecom compensation program) 134.8 billion won (regulatory fine for SK Telecom) 240 million won (KT unauthorized payments) Projected 27.4 billion won consolidated operating loss (SK Telecom) USIM data of ~27 million users (SK Telecom) International Mobile Subscriber Identity (IMSI) of ~5,561 users (KT) Customer churn (SK Telecom lost subscribers to KT and LG Uplus) Regulatory scrutiny and largest-ever penalty by Personal Information Protection Commission (SK Telecom) Ongoing mobile payment fraud investigations (KT) KT gained ~280,000 subscribers from SK Telecom LG Uplus experienced modest growth SK Telecom: 12.96% drop in revenue (3.94 trillion won vs. prior year) Aggregate 33% drop in operating profit for all three carriers (829.2 billion won vs. 1.24 trillion won prior year) Severe damage to SK Telecom's reputation KT faced reputational risks due to mobile payment fraud 134.8 billion won fine for SK Telecom Potential legal actions from affected customers High (USIM data exposure for 27 million users) High (IMSI exposure for 5,561 users) Unauthorized payments totaling ~240 million won (KT)
Response
Government-private joint investigation team (KT mobile payment fraud) SK Telecom: 5 trillion won compensation package (50% discount on mobile rates, extra 50GB data, expanded partnership discounts) KT: Investigation and shutdown of illegal base stations (24 confirmed) SK Telecom: Public disclosure of compensation program KT: Confirmation of fraud victims and losses
Data Breach
Universal Subscriber Identity Module (USIM) data (SK Telecom) International Mobile Subscriber Identity (IMSI) (KT) ~27 million (SK Telecom) ~5,561 (KT) Sensitivity Of Data: High (USIM/IMSI data can enable identity theft, SIM swapping, and unauthorized access) Confirmed (SK Telecom USIM data) Confirmed (KT IMSI data via illegal base stations) USIM data (includes subscriber identities) IMSI (unique identifier for mobile users)
Regulatory Compliance
Personal Information Protection Act (South Korea) - SK Telecom fined for neglecting safety measures and delayed user notification 134.8 billion won (SK Telecom) Personal Information Protection Commission (SK Telecom)
Lessons Learned
Importance of timely incident disclosure to users and regulators Need for robust security measures for subscriber identity data (USIM/IMSI) Vulnerabilities in mobile payment verification systems can lead to large-scale fraud Compensation programs can mitigate customer churn but may not fully restore reputation
Recommendations
Enhance encryption and access controls for USIM/IMSI data Implement multi-factor authentication for mobile payments Strengthen monitoring for illegal base stations and SIM swapping attempts Proactive communication with customers and regulators during incidents Regular security audits for telecom infrastructure
Investigation Status
Ongoing (KT mobile payment fraud - additional illegal base stations discovered) Completed (SK Telecom USIM leak - regulatory fine imposed)
Customer Advisories
SK Telecom: 50% discount on mobile rates, extra 50GB data, expanded partnership discounts KT: Notification to 362 confirmed fraud victims
Initial Access Broker
Unknown (SK Telecom USIM leak) Illegal base stations intercepting verification codes (KT) USIM data (SK Telecom) Mobile payment verification codes (KT)
Post Incident Analysis
SK Telecom: Neglect of safety measures for USIM data storage and delayed incident notification KT: Inadequate security for mobile payment verification (vulnerability to illegal base station spoofing) SK Telecom: Compensation program and regulatory compliance improvements (implied) KT: Shutdown of illegal base stations and investigation into fraud scheme
References
Blog URL Source URL
OCTOBER 2025
567
Breach
01 Oct 2025 • SK Telecom
SK Telecom Massive Data Breach

SK Telecom, South Korea’s largest telecom operator, suffered a **massive data breach** leading to severe regulatory and financial repercussions. The **Personal Information Protection Commission (PIPC)** imposed a **record fine of 134.8 billion won (~$91.4 million)** for violations of data privacy laws. The breach exposed **sensitive customer data**, triggering a prolonged investigation and enforcement action. The company received the formal sanction in late October 2025, initiating a **90-day review period** with an appeal deadline in **late January 2026**. SK Telecom is reportedly **leaning toward appealing** the decision, but the incident has already inflicted **significant reputational damage**, operational disruptions, and potential long-term trust erosion among customers. The breach underscores systemic vulnerabilities in handling **personal and financial information**, with implications for compliance, governance, and cybersecurity resilience in the telecom sector.

506
critical -61
SK-0534105112425
Incident Details -
Type
Data Breach
Impact
Fine Amount: 134.8 billion won ($91.4 million) Regulator: Personal Information Protection Commission (South Korea)
Response
Appeal Intent: leaning toward appealing the regulator's decision
Regulatory Compliance
South Korea's Personal Information Protection Act (or equivalent) Fines Imposed: 134.8 billion won ($91.4 million) Appeal Status: under review (deadline: late January 2026) Appeal Intent: leaning toward appealing Regulator: Personal Information Protection Commission (PIPC) Decision Date: August 28, 2025 Formal Notice Date: late October 2025
Investigation Status
['Regulatory Review: ongoing (appeal period until late January 2026)']
References
Blog URL Source URL
SEPTEMBER 2025
567
AUGUST 2025
562
JULY 2025
557
JUNE 2025
552
MAY 2025
547
APRIL 2025
685
Breach
01 Apr 2025 • SK Telecom
Data Breach and Fraudulent Mobile Payment Incidents at SK Telecom and KT

SK Telecom, South Korea’s largest telecom operator, faced a high-profile cyber incident in April where an international hacking group, **Scattered Lapsus$**, claimed to have stolen **personal data of 27 million users** (including IDs, full names, phone numbers, emails, addresses, and birthdates). The group demanded $10,000 for a 100GB sample and threatened to leak the full dataset along with admin access if negotiations failed. While SK Telecom denied the breach—asserting the sample data and FTP screenshots were fabricated—the **Ministry of Science and ICT launched an investigation**, demanding transparency. The incident eroded consumer trust, causing SK Telecom’s **market share to drop below 40% for the first time in a decade**, with users switching carriers amid fears of data misuse. The prolonged scrutiny and reputational damage highlight systemic vulnerabilities in telecom security, compounded by the group’s persistent threats and public distrust in the company’s response.

535
critical -150
SK-3932739091625
Incident Details -
Type
Data Breach Fraud (Mobile Payment) Unauthorized Access Social Engineering (Rogue Base Stations)
Attack Vector
Hacking (Claimed by Scattered Lapsus$) Rogue Cellular Base Stations (KT Incident) Interception of Payment Verifications
Vulnerability Exploited
Unknown (SK Telecom denies breach) Weakness in Mobile Payment Verification Process (KT)
Motivation
Financial Gain (Data Sale by Scattered Lapsus$) Fraud (KT Mobile Payment Breach)
Impact
Kt: 170,000,000 KRW (~$122,460 USD) Sk Telecom: Claimed: 27 million user records (100 GB sample offered for $10,000; includes user IDs, full names, phone numbers, emails, addresses, birthdates) Kt: 5,561 users' IMSI data potentially compromised Market share drop for SK Telecom (below 40% for the first time in a decade) Customer anxiety and potential churn for both carriers Regulatory scrutiny and investigations by Ministry of Science and ICT Growing concerns from consumers Daily checks for unauthorized payments by KT users Anxiety over potential future breaches Erosion of trust in SK Telecom and KT Negative media coverage Potential subscriber churn coinciding with iPhone 17 launch High (if SK Telecom data breach claims are true) Moderate (KT IMSI data compromise) High (KT fraudulent transactions) Low (SK Telecom denies breach)
Response
SK Telecom: Denied breach, working with authorities KT: High-profile apology, cooperation with Ministry of Science and ICT Ministry of Science and ICT investigating SK Telecom incident KT collaborating with authorities SK Telecom: Public denial of breach, transparency pledge KT: Public apology, ongoing updates
Data Breach
SK Telecom (claimed): User IDs, full names, phone numbers, emails, addresses, birthdates KT: International Mobile Subscriber Identity (IMSI) data SK Telecom: 27 million (claimed) KT: 5,561 (IMSI data) Sensitivity Of Data: High (PII for SK Telecom; IMSI for KT) SK Telecom: Claimed 100 GB sample (denied by company) KT: Unclear (IMSI data potentially intercepted) SK Telecom: FTP screenshots, sample datasets (fabricated, per company) KT: Unknown SK Telecom: User IDs, full names, phone numbers, emails, addresses, birthdates (claimed) KT: IMSI data (5,561 users)
Regulatory Compliance
Ministry of Science and ICT investigating SK Telecom KT reporting to authorities
Investigation Status
Ongoing (Ministry of Science and ICT leading investigations for both incidents)
Customer Advisories
KT users advised to monitor accounts for unauthorized transactions General anxiety among telecom users in South Korea
Stakeholder Advisories
SK Telecom: Reassuring users, denying breach claims KT: Apology issued, monitoring for further fraud
Initial Access Broker
SK Telecom: Unverified (claimed by Scattered Lapsus$) KT: Rogue cellular base stations intercepting payment verifications SK Telecom: Customer database (claimed) KT: Mobile payment verification system Data Sold On Dark Web: SK Telecom: Claimed 100 GB sample offered for $10,000 on Telegram (denied by company)
References
Blog URL Source URL
Cyber Attack
01 Apr 2025 • SK Telecom
Series of High-Profile Cyber Incidents in South Korea (2025)

SK Telecom, South Korea’s largest telecom operator, suffered a **massive cyberattack in April 2025**, resulting in the theft of **personal data from ~23 million customers**—nearly **half the country’s population**. The breach exposed sensitive information, including names, contact details, and potentially financial records. The aftermath extended into May, forcing the company to issue **new SIM cards to millions of affected users** to mitigate risks like SIM-swapping fraud and identity theft. The attack highlighted systemic vulnerabilities in South Korea’s cybersecurity infrastructure, with regulators and government agencies struggling to coordinate a unified response. The incident severely damaged SK Telecom’s reputation, eroded customer trust, and raised concerns over the **national security implications** of such large-scale data exposures, particularly given the involvement of state-backed threat actors in the region.

535
critical -150
SK-1802718100125
Incident Details -
Type
Data Breach Ransomware Espionage Phishing Supply Chain Attack Unauthorized Access
Attack Vector
Website Exploitation Spear-Phishing (AI Deepfakes) Fake Base Stations Ransomware Credential Stuffing Social Engineering Malware
Motivation
Financial Gain Espionage Data Theft Disruption Cyber Warfare
Impact
$6.2 million (Wemix) Operational costs for SIM replacements (SK Telecom) Revenue loss during downtime (Yes24, SGI, Welrix F&I) 90,000 customer records (GS Retail: names, birth dates, contact details, addresses, emails) 23 million customer records (SK Telecom: personal data) 20,000 resumes (Albamon: names, phone numbers, emails) 200GB of data (Lotte Card: ~3 million customers) 1TB+ internal files (Welrix F&I: sensitive customer data) Subscriber data (KT: IMSI, IMEI, phone numbers, micro-payment fraud) Diplomatic communications (19 embassies: espionage via fake emails) GS Retail (website) Wemix (blockchain infrastructure) Albamon (job platform database) SK Telecom (customer data systems) Yes24 (ticketing/retail platform, twice) Seoul Guarantee Insurance (core systems: guarantees, verification) Lotte Card (credit/debit card systems) Welrix F&I (lending systems) KT (mobile network via fake base stations) South Korean military/defense institutions (deepfake phishing) 4 days (Yes24, June 2025) Few hours (Yes24, August 2025) Days (Seoul Guarantee Insurance, July 2025) Weeks (SK Telecom SIM replacements, April–May 2025) Service disruptions (Yes24, SGI, Welrix F&I) Customer verification delays (SGI) Fraudulent micro-payments (KT) Diplomatic communications compromise (embassies) Yes24 (ticketing/retail sales) Welrix F&I (lending operations) Lotte Card (customer trust/transaction volume) SK Telecom (SIM replacement process) Lotte Card (data exposure) Yes24 (repeated outages) SK Telecom Lotte Card Yes24 Welrix F&I KT South Korean government (fragmented response) Potential GDPR-like fines (if applicable) Class-action lawsuits (e.g., SK Telecom, Lotte Card) GS Retail (90,000 customers) SK Telecom (23M customers) Lotte Card (3M customers) Albamon (20,000 users) Lotte Card (credit/debit data) KT (unauthorized micro-payments)
Response
Partial (company-level) Delayed (government-level) Cybersecurity firms (e.g., Theori, Genians) KISA (Korea Internet & Security Agency) Yes (select cases) Delayed in some incidents (e.g., Lotte Card: 17-day delay) SIM card replacements (SK Telecom) System isolations (SGI, Yes24) Network segmentation (KT) Dark web monitoring (Welrix F&I) Customer notifications (GS Retail, Albamon) Credit monitoring offers (Lotte Card) Patch management (where applicable) Service restoration (Yes24, SGI) Fraudulent transaction reversals (KT) Diplomatic cybersecurity advisories (embassies) Delayed disclosures (Wemix: 5-day delay) Public statements (SK Telecom, Lotte Card) Presidential Office announcements (September 2025) KT (post-fake base station attack) KISA-led initiatives Embassy network traffic
Data Breach
Personal Identifiable Information (PII) Financial Data Resume/Employment Data Diplomatic Communications Mobile Subscriber Data (IMSI, IMEI) Internal Corporate Files 90,000 (GS Retail) 23,000,000 (SK Telecom) 20,000 (Albamon) 3,000,000 (Lotte Card) 5,500 (KT) High (PII, financial, diplomatic) Medium (resumes, subscriber data) Yes (GS Retail, Lotte Card, Welrix F&I) Likely (SK Telecom, KT) Databases PDFs (resumes) Emails Transaction logs Internal documents Names Birth dates Addresses Phone numbers Email addresses IMSI/IMEI
Regulatory Compliance
Potential violations of South Korea’s Personal Information Protection Act (PIPA) Financial sector regulations Investigations ongoing (e.g., Lotte Card, SK Telecom) Delayed in some cases New legal powers proposed (September 2025)
Lessons Learned
Fragmented government response exacerbates cyber risks. Lack of a centralized 'first responder' agency delays containment. Skilled cybersecurity workforce shortage hinders proactive defenses. Reactive measures (e.g., SIM replacements) are costly and insufficient. AI-generated deepfakes pose emerging threats for espionage/phishing. Cross-ministerial coordination is critical for national cyber resilience.
Recommendations
Establish a central cybersecurity authority with technical and strategic oversight. Mandate real-time breach reporting (even without company disclosures). Invest in workforce development (e.g., cybersecurity training programs). Implement hybrid model: central strategy + independent agency execution (e.g., KISA). Enhance public-private collaboration for threat intelligence sharing. Prioritize proactive defenses (e.g., AI-driven anomaly detection, zero-trust architecture). Conduct regular red-team exercises for critical infrastructure.
Investigation Status
Ongoing (multiple agencies) Interagency plan announced (September 2025)
Customer Advisories
SK Telecom: Free SIM card replacements for 23M customers. Lotte Card: Credit monitoring services for affected customers. Yes24: Service restoration updates and compensation offers. GS Retail/Albamon: Identity theft protection recommendations.
Stakeholder Advisories
Presidential Office: Cross-ministerial cyber defense initiative (September 2025). KISA: Enhanced monitoring for critical infrastructure. Financial Supervisory Service: Audits for Lotte Card, Welrix F&I.
Initial Access Broker
Compromised websites (GS Retail) Phishing emails (Kimsuky) Fake base stations (KT) Exploited vulnerabilities (Yes24, SGI) Months (Kimsuky embassy espionage) Weeks (Lotte Card: 17 days undetected) Likely (Welrix F&I, KT) Financial data (Lotte Card, Welrix F&I) Diplomatic communications (embassies) Military/defense institutions Yes (Welrix F&I: samples leaked)
Post Incident Analysis
Lack of centralized cybersecurity governance. Silos between government agencies (e.g., Ministry of Science and ICT, KISA, National Security Office). Insufficient investment in proactive defenses (e.g., threat hunting, red teaming). Delayed breach detection (e.g., Lotte Card: 17 days). Over-reliance on reactive measures (e.g., SIM replacements). Skilled workforce shortage due to systemic underinvestment. Political deadlock prioritizing short-term fixes over long-term resilience. Presidential Office-led interagency cyber defense plan (September 2025). Proposed legal reforms to enable preemptive government probes. Increased funding for KISA and cybersecurity workforce development. Mandatory breach reporting timelines. Public-private cybersecurity task forces (e.g., with SK Telecom, Theori). Pilot programs for AI-driven threat detection (e.g., deepfake phishing). Hybrid governance model: central strategy + decentralized execution.
References
Blog URL Source URL
Cyber Attack
01 Apr 2025 • SK Telecom
Series of Data Breaches at Major South Korean Telecom Providers Affecting U.S. Military Customers

In April 2025, SK Telecom, one of South Korea’s largest telecom providers, suffered a significant cyber intrusion where hackers infiltrated its network and exfiltrated over **10 gigabytes of SIM card data**. The breach was confirmed by South Korea’s **Ministry of Science and Information and Communication Technology (MSIT)** in July, following an investigation that inspected **42,000 servers**, uncovering **28 infected with advanced hacking tools**. The stolen data—likely containing **customer identity and authentication details**—poses severe risks, including **unauthorized SIM swaps, financial fraud, and identity theft**, particularly for **U.S. military personnel, Defense Department employees, and their families** who rely on SK Telecom’s services at bases like **Osan Air Base and Camp Humphreys**. The breach also raised allegations of an **international hacking organization selling the stolen data online**, amplifying concerns over **large-scale privacy violations and potential state-sponsored cyber espionage**. While SK Telecom operates kiosks on U.S. military installations, **U.S. Forces Korea issued an advisory only for this incident**, not the subsequent breaches at KT Corp. and LG Uplus. The MSIT emphasized the need for **transparency and swift action** due to rising public anxiety over recurrent telecom cyberattacks, though specific financial or operational damages remain undisclosed.

535
critical -150
SK-2162921092525
Incident Details -
Type
Data Breach Micropayment Scam Unauthorized Access Advanced Persistent Threat (APT)
Attack Vector
Network Infiltration SIM Swapping (Micropayment Scam) Advanced Hacking Tools Data Exfiltration
Motivation
Financial Gain (Micropayment Scams) Data Theft for Resale (Dark Web) Espionage (potential, given U.S. military customer involvement)
Impact
SIM Card Data (10+ GB from SK Telecom) Customer Identity/Financial Information (KT Micropayment Scam) Large-Scale Customer Data (LG Uplus, under investigation) 42,000+ servers inspected (SK Telecom) 28 servers infected with advanced hacking tools (SK Telecom) Joint public-private investigation (KT Corp.) U.S. Forces Korea advisory issued (SK Telecom, April 2025) Customer Complaints: Increased public anxiety reported Brand Reputation Impact: High (multiple breaches at major providers, U.S. military customers affected) Identity Theft Risk: High (SIM swapping, micropayment scams) Payment Information Risk: High (micropayment scams, financial data exposure)
Response
Incident Response Plan Activated: Yes (Joint public-private investigation team for KT Corp.) Law Enforcement Notified: Yes (MSIT-led investigation) Server inspections (42,000+ for SK Telecom) Identification of 28 infected servers (SK Telecom) Public advisories (MSIT news releases on 2025-09-09 and 2025-09-16) U.S. Forces Korea advisory (April 2025, SK Telecom only)
Data Breach
SIM Card Data Customer Identity Information Financial Information (Micropayment Scams) Potential PII (under investigation for LG Uplus) Sensitivity Of Data: High (includes PII, financial data, and potential military-affiliated customer data) Data Exfiltration: Yes (10+ GB from SK Telecom, alleged dark web sales) Personally Identifiable Information: Yes (SIM data, identity/financial info from micropayment scams)
Regulatory Compliance
Regulatory Notifications: Yes (MSIT investigations, public disclosures)
Investigation Status
['Ongoing (MSIT-led joint investigation for KT Corp.; probes for SK Telecom and LG Uplus)']
Stakeholder Advisories
U.S. Forces Korea advisory (April 2025, SK Telecom) MSIT public releases (2025-09-09 and 2025-09-16)
Initial Access Broker
Backdoors Established: Yes (28 servers infected with advanced hacking tools at SK Telecom) High Value Targets: Potential (U.S. military customers) Data Sold On Dark Web: Alleged (SK Telecom customer data)
References
Blog URL Source URL
MARCH 2025
685
FEBRUARY 2025
683
JANUARY 2025
681
JUNE 2022
604
Cyber Attack
16 Jun 2022 • SK Telecom Co.
SK Telecom Data Breach Affecting Half of South Korea's Population

SK Telecom, South Korea’s largest mobile operator, suffered a major cyberattack disclosed in April 2024, compromising the personal data of approximately **half the nation’s population**. The breach exposed **call data records (CDRs)**, enabling potential reconstruction of sensitive communications, including those involving high-level government officials. The **Personal Information Protection Commission (PIPC)** fined the company **134.8 billion won ($97 million)** for negligence in data protection, delayed breach reporting, and prolonged security lapses dating back to 2022. Investigations revealed systemic vulnerabilities, with regulators criticizing the company’s failure to address known weaknesses despite repeated opportunities.The attack raised **national security concerns**, as lawmakers warned that exposed call logs could endanger government communications and intelligence operations—mirroring incidents like China-linked hackers (Salt Typhoon) breaching U.S. telecoms (e.g., AT&T) to monitor senior officials. Public outrage in South Korea initially focused on **ransomware and financial risks**, but the broader implications included **potential espionage, intelligence leaks, and threats to critical infrastructure**. The government responded by proposing a **National Cybersecurity Act** to unify emergency responses and improve threat intelligence sharing. SK Telecom acknowledged the failings and pledged to prioritize data protection, though regulators mandated reforms, including waiving penalties for customers leaving the network.

585
critical -19
SK-633082925
Incident Details -
Type
data breach cyberattack
Vulnerability Exploited
systemic weaknesses in data protection prolonged lapses in security oversight
Impact
Fine: 134.8 billion won ($97 million) customer data call data records (potential exposure of call logs) regulatory scrutiny public outrage customer churn risk high (public outrage) severe damage due to national-scale breach and regulatory criticism fines imposed by PIPC potential legal actions from affected customers high (personal data theft risks)
Response
company pledged to make personal data protection a core value improved oversight ordered by PIPC public statement expressing regret acknowledgment of regulatory findings
Data Breach
customer data call data records Number Of Records Exposed: ~half of South Korea's population (estimated tens of millions) high (includes call logs with potential national security implications) likely (call logs and customer data accessed) likely (customer data)
Regulatory Compliance
Personal Information Protection Act (South Korea) timely breach reporting requirements Fines Imposed: 134.8 billion won ($97 million) PIPC investigation regulatory orders for improved oversight PIPC public disclosure Ministry of Science and ICT recommendations
Lessons Learned
Prolonged systemic vulnerabilities can lead to catastrophic breaches with national security implications. Timely reporting and proactive remediation of security weaknesses are critical to mitigating risks. Telecom operators must prioritize data protection as a core business value to prevent regulatory and reputational damage.
Recommendations
Implement robust, continuous monitoring for data protection gaps. Enhance incident response protocols to ensure timely breach reporting. Adopt unified national cybersecurity frameworks (e.g., proposed National Cybersecurity Act) to improve emergency response and intelligence sharing. Conduct regular third-party audits to identify and address vulnerabilities proactively.
Investigation Status
['completed (PIPC and Ministry of Science and ICT investigations concluded)']
Stakeholder Advisories
PIPC ordered SK Telecom to improve oversight and data protection practices. Ministry of Science and ICT recommended waiving penalties for customers leaving the network.
Initial Access Broker
call data records (potential exposure of government communications)
Post Incident Analysis
Systemic weaknesses in data protection dating back to 2022. Failure to address identified vulnerabilities in a timely manner. Inadequate oversight and compliance with breach reporting requirements. Company commitment to prioritize personal data protection. Regulatory-mandated improvements in oversight and security practices. Potential adoption of unified cybersecurity frameworks (e.g., National Cybersecurity Act).
References
Blog URL Source URL
JUNE 2022
631
Cyber Attack
01 Jun 2022 • SK Telecom
SK Telecom Data Breach

SK Telecom, the largest mobile network operator in South Korea, experienced a cybersecurity incident that started in June 2022 and was detected in April 2025. The breach exposed the USIM data of 27 million subscribers, including IMSI, USIM authentication keys, network usage data, and SMS/contacts stored in the SIM. The incident increased the risk of SIM-swapping attacks, leading the company to issue SIM replacements and enhance security measures. The breach compromised 25 data types and 23 servers, with 15 servers containing personal customer information, including 291,831 IMEI numbers. The company halted new subscriptions temporarily to manage the fallout.

602
critical -29
SK-524052025
Incident Details -
Type
Data Breach
Attack Vector
Malware
Impact
IMSI USIM authentication keys network usage data SMS/contacts stored in the SIM 23 compromised servers 30,000 Linux servers examined Stopped accepting new subscribers
Response
Incident Response Plan Activated: Yes Isolated equipment suspected of being hacked Issued SIM replacements for all subscribers Strengthened security measures to prevent unauthorized number porting actions Notified customers of the breach Started logging activity on the impacted servers
Data Breach
IMSI USIM authentication keys network usage data SMS/contacts stored in the SIM Number Of Records Exposed: 26.95 million Sensitivity Of Data: High Data Exfiltration: Possible IMEI numbers
Investigation Status
['Ongoing']
Initial Access Broker
Entry Point: Web shell infection Reconnaissance Period: June 15, 2022
Post Incident Analysis
Issued SIM replacements Strengthened security measures Started logging activity on impacted servers
References
Blog URL Source URL
AUGUST 2021
778
Breach
01 Aug 2021 • SK Telecom (SKT)
SK Telecom Data Breach (2025)

SK Telecom (SKT), a major South Korean telecommunications provider, suffered a **malware breach** discovered in **April 2025**, exposing sensitive data of **27 million subscribers** for years (potentially since **August 2021**). Threat actors infiltrated critical infrastructure, including the **Home Subscriber Server (HSS)**, compromising **USIM authentication keys (KI), IMSI numbers, IMEI identifiers, phone numbers, email addresses, and other personal data**.The breach resulted from **negligent security practices**, including **unprotected servers (no passwords), outdated OS without patches, and weak intranet defenses**. The **Personal Information Protection Commission fined SKT ~$96.53 million** for failing to safeguard data and delaying customer notifications. SKT was forced to **overhaul governance, adopt zero-trust architecture, expand encryption, form a red team, and elevate its CISO role**. Customers received **free USIM replacements, subscription discounts, and penalty-free contract cancellations**.The incident severely damaged SKT’s **reputation, financial standing, and operational trust**, necessitating systemic reforms to prevent future breaches.

599
critical -179
SK-905083025
Incident Details -
Type
data breach malware intrusion unauthorized access
Attack Vector
malware exploitation of unpatched vulnerabilities lack of authentication
Vulnerability Exploited
outdated operating systems missing security patches no password protection on critical servers weak intranet security
Impact
Financial Loss: $96.53 million (fine) USIM authentication keys (KI) International Mobile Subscriber Identity (IMSI) numbers IMEI device identifiers phone numbers email addresses potentially other personal data Home Subscriber Server (HSS) critical infrastructure intranet Operational Impact: Significant; required revamp of governance and security measures Brand Reputation Impact: Severe; public acknowledgment of 'grave responsibility' and loss of customer trust Legal Liabilities: $96.53 million fine by Personal Information Protection Commission Identity Theft Risk: High (due to exposure of IMSI, IMEI, and personal data)
Response
Implementation of zero-trust architecture Expansion of encryption Formation of a red team Elevation of CISO role to report directly to CEO Addition of cybersecurity experts to the board Free USIM card replacements for customers 50% discount on August subscription fees Waiver of early contract termination fees Information Security Innovation Plan Public acknowledgment of responsibility Customer notifications (delayed) Offers for free USIM replacements and subscription discounts
Data Breach
subscriber authentication data personal identifiable information (PII) device identifiers Number Of Records Exposed: 27 million Sensitivity Of Data: High (includes USIM keys, IMSI, IMEI, and personal data)
Regulatory Compliance
Personal Information Protection Act (South Korea) Fines Imposed: $96.53 million (134 billion won) Delayed notification to customers
Lessons Learned
Critical importance of basic security measures (e.g., passwords, patches) Need for proactive monitoring to detect long-term intrusions Significance of timely customer notification in breach scenarios Governance and security culture must be prioritized at the executive level
Recommendations
Adopt zero-trust architecture enterprise-wide Regularly audit and update security patches Implement multi-factor authentication (MFA) for critical systems Enhance intrusion detection and response capabilities Conduct third-party security assessments Establish clearer incident response protocols for timely disclosure
Investigation Status
Completed (regulatory fine issued; remediation ongoing)
Customer Advisories
Free USIM card replacements 50% discount on August subscription fees Waiver of early contract termination fees
Initial Access Broker
unsecured intranet outdated servers Reconnaissance Period: Potentially from August 2021 to April 2025 (nearly 4 years) Home Subscriber Server (HSS) subscriber authentication data
Post Incident Analysis
Lack of basic security controls (e.g., passwords, patches) Outdated and unpatched operating systems Weak intranet security allowing lateral movement Delayed detection of long-term intrusion Inadequate governance and oversight of security practices Zero-trust architecture implementation Expanded encryption Red team exercises CISO reporting directly to CEO Board-level cybersecurity expertise Customer compensation and retention measures
References
Blog URL Source URL
JUNE 2010
768
Cyber Attack
16 Jun 2010 • South Korean Maritime and Telecommunications Sector (Fishing Vessels & Cell Networks)
GPS Jamming Attack on Vessels in the Korean Demilitarized Zone (2016)

In March 2016, North Korea executed a **GPS jamming attack** targeting vessels in the demilitarized zone (DMZ) between North and South Korea, originating from five regions: Haeju, Yonan, Pyongyang, Kumgang, and Kaesong. The attack disrupted navigation systems of **nearly 700 fishing vessels**, endangering maritime safety and operations. Additionally, the jamming interfered with **cell phone base stations**, disrupting telecommunications infrastructure. This was the **fourth such campaign since 2010**, part of North Korea’s broader strategy of electronic warfare and provocation amid escalating tensions over nuclear and missile tests. South Korea issued a formal warning on **April 1**, threatening retaliatory action if the attacks persisted. The incident highlighted vulnerabilities in critical navigation and communication systems, with potential cascading effects on regional security and economic stability. While no direct casualties were reported, the attack posed risks to maritime trade, emergency response coordination, and civilian infrastructure, reinforcing concerns over North Korea’s cyber and electronic warfare capabilities.

751
critical -17
SK-422092125
Incident Details -
Type
GPS jamming Electronic warfare Signal disruption
Attack Vector
Radio frequency jamming Electromagnetic interference
Motivation
Provocation Geopolitical tension Military signaling
Impact
GPS navigation systems Cell phone base stations Disruption of vessel navigation Communication interference
Response
Public warning issued by South Korea (2016-04-01)
Stakeholder Advisories
South Korean government warning to North Korea (2016-04-01)
Initial Access Broker
Radio frequency jamming from North Korean regions (Haeju, Yonan, Pyongyang, Kumgang, Kaesong) GPS-dependent navigation systems Telecommunications infrastructure
Post Incident Analysis
Geopolitical tensions North Korean electronic warfare capabilities
References
Blog URL Source URL
JUNE 2000
777
Breach
16 Jun 2000 • SK Telecom
SK Telecom Large-Scale Data Breach (2022-2024)

SK Telecom, South Korea’s largest mobile carrier, suffered a **massive data breach** in 2024, traced back to a 2022 infiltration where attackers used **25 undetected malware strains** for nearly three years. The breach exposed **personal data of 27 million customers**, including **subscriber identity numbers, authentication keys, network logs, and SIM-stored messages**. The financial fallout was severe: **operating profit plummeted 90% (from 493B won to 48.4B won)**, sales dropped **12.2%**, and the company **suspended dividends** for the first time since 2000. Regulatory penalties included a **record 134B won ($96.5M) fine**, while recovery efforts cost **500B won ($349M)** in customer compensation (discounts, free data, voucher packages, and waived termination fees). The breach also triggered a **two-month freeze on new subscriptions**, accelerating customer churn. The attack forced a **complete cybersecurity overhaul**, SIM card replacements for millions, and long-term reputational damage, with the CFO framing it as a **‘crisis-to-opportunity’ pivot** to restore trust.

690
critical -87
SK-5102251110425
Incident Details -
Type
data breach cyberattack malware intrusion
Attack Vector
malware (25 types) undetected network infiltration
Impact
Operating Profit Drop: 90% (from 493 billion won to 48.4 billion won) Recovery Costs: included in 500 billion won customer package Regulatory Fine: 134 billion won ($96.5 million) Revenue Loss: 12.2% sales decline Dividend Suspension: Q3 2024 Records Exposed: 27 million customers subscriber identity numbers authentication keys network activity logs SIM-stored text messages suspended new subscriptions for 2 months SIM card replacements for millions of users cybersecurity system overhaul mandated by regulators Revenue Loss: 12.2% sales decline in Q3 2024 loss of customer trust increased churn due to fee waivers/discounts first quarterly loss since 2000 134 billion won regulatory fine mandated cybersecurity overhaul Identity Theft Risk: high (subscriber identity numbers and authentication keys compromised)
Response
suspended new subscriptions for 2 months SIM card replacements for affected users cybersecurity system overhaul (regulator-mandated) replacement of compromised SIM cards 500-billion-won ($349 million) customer appreciation package (rate discounts, free data, vouchers) waived contract termination fees 50% mobile fee discount public disclosure in April 2024 shareholder notification customer advisories (SIM replacements, discounts)
Data Breach
subscriber identity numbers authentication keys network activity logs SIM-stored text messages Number Of Records Exposed: 27 million Sensitivity Of Data: high (includes authentication credentials and identity data)
Regulatory Compliance
Fines Imposed: 134 billion won ($96.5 million) mandated cybersecurity overhaul regulatory investigation
Lessons Learned
Proactive detection of malware is critical to prevent long-term undetected breaches. Regular cybersecurity audits and vulnerability assessments are essential for large-scale infrastructure. Customer trust recovery requires significant financial investment and transparency. Regulatory compliance and fines can compound financial losses post-breach.
Recommendations
Implement advanced threat detection systems to identify malware early. Conduct regular third-party cybersecurity audits to identify vulnerabilities. Enhance employee training on cybersecurity best practices and incident response. Develop a robust communication plan for customer and stakeholder notifications during breaches. Invest in proactive measures like network segmentation and behavioral analysis to prevent future intrusions.
Investigation Status
Ongoing (regulator-mandated overhaul in progress)
Customer Advisories
SIM card replacement program 50% mobile fee discount waived contract termination fees free data and vouchers as part of 500-billion-won package
Stakeholder Advisories
Shareholder notification on financial impact (Q3 2024 earnings report) Public disclosure of breach details (April 2024)
Initial Access Broker
Reconnaissance Period: nearly 3 years (2022–2024) subscriber identity data authentication keys network logs
Post Incident Analysis
Failure to detect 25 types of malware for nearly 3 years Inadequate network monitoring and threat detection Lack of proactive vulnerability management Mandated cybersecurity overhaul by regulators Implementation of customer trust recovery measures (discounts, SIM replacements) Financial restructuring (dividend suspension, cost management)
References
Blog URL Source URL

Frequently Asked Questions

According to Rankiteo, the current A.I.-based Cyber Score for SK Telecom is 198, which corresponds to a Critical rating.

According to Rankiteo, the A.I. Rankiteo Cyber Score for November 2025 was 246.

According to Rankiteo, the A.I. Rankiteo Cyber Score for October 2025 was 506.

According to Rankiteo, the A.I. Rankiteo Cyber Score for September 2025 was 567.

According to Rankiteo, the A.I. Rankiteo Cyber Score for August 2025 was 562.

According to Rankiteo, the A.I. Rankiteo Cyber Score for July 2025 was 557.

According to Rankiteo, the A.I. Rankiteo Cyber Score for June 2025 was 552.

According to Rankiteo, the A.I. Rankiteo Cyber Score for May 2025 was 547.

According to Rankiteo, the A.I. Rankiteo Cyber Score for April 2025 was 535.

According to Rankiteo, the A.I. Rankiteo Cyber Score for March 2025 was 685.

According to Rankiteo, the A.I. Rankiteo Cyber Score for February 2025 was 683.

According to Rankiteo, the A.I. Rankiteo Cyber Score for January 2025 was 681.

Over the past 12 months, the average per-incident point impact on SK Telecom’s A.I Rankiteo Cyber Score has been -107.2 points.

You can access SK Telecom’s cyber incident details on Rankiteo by visiting the following link: https://www.rankiteo.com/company/sk-telecom.

You can find the summary of the A.I Rankiteo Risk Scoring methodology on Rankiteo by visiting the following link: Rankiteo Algorithm.

You can view SK Telecom’s profile page on Rankiteo by visiting the following link: https://www.rankiteo.com/company/sk-telecom.

With scores of 18.5/20 from OpenAI ChatGPT, 20/20 from Mistral AI, and 17/20 from Claude AI, the A.I. Rankiteo Risk Scoring methodology is validated as a market leader.