South Korea to Impose Punitive Fines on Companies with Repeated Data Breaches South Korea’s Ministry of Science and ICT has announced plans to introduce stricter penalties for businesses that experience repeated data breaches, following a series of high-profile incidents in 2025. During a policy briefing with President Lee Jae Myung in Sejong on December 12, Science Minister Bae Kyung-hoon outlined measures to enhance cybersecurity accountability, including fines of up to 3% of a company’s annual sales for repeat offenders. The proposal follows breaches at major firms like SK Telecom, KT Corp., and Coupang, which exposed the personal data of millions of South Koreans. Under the new regulations, fines for delayed breach reporting will increase to ₩50 million (US$339,000), up from ₩30 million. The government will also codify CEO accountability and empower chief security officers to enforce compliance. Additionally, companies’ security capabilities will be publicly assessed to incentivize stronger protections. Beyond cybersecurity, the ministry unveiled ambitious AI and technology initiatives, including the development of one of the world’s top 10 AI models by 2026, which will be open-sourced for defense, manufacturing, and cultural applications. The K-Moonshot project aims to close the technology gap with the U.S., targeting 85% of its advanced level by 2030—up from 81.5% in 2022. Key focus areas include humanoid robots, next-generation chips, and clean energy, backed by a ₩5.9 trillion (US$4 billion) investment in strategic sectors like bio, quantum, and nuclear fusion. South Korea also plans to become an AI hub in the Asia-Pacific region, attracting talent and startups while expanding AI integration in manufacturing, logistics, and shipbuilding. International collaborations will include AI research with the U.S. and robotics partnerships with China. The government will allocate 10% of its R&D budget to basic science and aims to develop a private-sector-led small modular reactor by 2030, supported by a ₩1.2 trillion budget.

SK Telecom (SKT), a major South Korean telecom provider, faced a data breach affecting 3,998 subscribers, whose personal information was compromised. The Personal Information Dispute Mediation Committee proposed compensating each victim with 300,000 won (~$200), but SKT rejected the settlement, citing its existing proactive compensation measures and efforts to prevent recurrence. The rejection forces affected subscribers to pursue legal action for damages. The breach exposed customer data, damaging trust and potentially leading to financial or reputational harm. SKT emphasized its commitment to regaining customer confidence and mitigating further risks, though the incident highlights vulnerabilities in its data protection framework. The dispute remains unresolved, with victims left to seek redress through courts.

SK Telecom faced a catastrophic USIM (Universal Subscriber Identity Module) data breach affecting 27 million users, leading to its first projected quarterly loss since earnings reporting began. The incident triggered a 1 trillion won (~$705M) compensation program, including 50% mobile rate discounts, extra data, and expanded partnerships, alongside a 134.8 billion won regulatory fine—the largest-ever penalty by South Korea’s Personal Information Protection Commission—for negligence and delayed user notifications. The breach caused mass customer defection to competitors (e.g., KT gained 280,000 subscribers), while SK Telecom’s Q3 operating profit plummeted 91.8% year-on-year to 43.7 billion won, with a consolidated operating loss of 27.4 billion won. The financial and reputational damage extended to weakened Q4 outlook, compounded by regulatory scrutiny and eroded trust in data security.

SK Telecom, South Korea’s largest telecom operator, suffered a massive cyberattack in April 2025, resulting in the theft of personal data from ~23 million customers—nearly half the country’s population. The breach exposed sensitive information, including names, contact details, and potentially financial records. The aftermath extended into May, forcing the company to issue new SIM cards to millions of affected users to mitigate risks like SIM-swapping fraud and identity theft. The attack highlighted systemic vulnerabilities in South Korea’s cybersecurity infrastructure, with regulators and government agencies struggling to coordinate a unified response. The incident severely damaged SK Telecom’s reputation, eroded customer trust, and raised concerns over the national security implications of such large-scale data exposures, particularly given the involvement of state-backed threat actors in the region.

SK Telecom Challenges Record $91M Fine Over 2024 Data Breach South Korea’s Personal Information Protection Commission (PIPC) has imposed a record $91 million fine on SK Telecom for its delayed disclosure of a 2024 cyberattack that exposed the universal subscriber identity module (USIM) data of all 23 million customers. The penalty the largest in the regulator’s six-year history surpasses the combined fines levied against Meta and Google in 2022. SK Telecom, South Korea’s leading telecommunications provider, has contested the fine, arguing that the breach did not result in financial losses for subscribers and citing its post-incident security investments and reforms. The company also questioned the fairness of the penalty compared to those imposed on Meta and Google. In a separate case, Google agreed to an $8.25 million settlement in a class-action lawsuit alleging illegal data collection from devices used by children under 13. The case, reported by The Record, highlights growing scrutiny over tech companies’ handling of minors’ data. Meanwhile, AWS launched its EU Sovereign Cloud, a new offering designed to meet strict European data residency requirements. The cloud, managed by EU-based staff under a German parent company, ensures that metadata, billing, and identity systems remain within the EU, addressing concerns over cross-border data transfers. In the U.S., the Federal Trade Commission (FTC) finalized an order against General Motors (GM) over allegations that its OnStar "Smart Driver" feature collected precise geolocation and driving behavior data every three seconds without proper consent. The complaint, filed in January 2025, underscores regulatory pressure on automakers over unauthorized data tracking.

SK Telecom, South Korea’s largest mobile operator, suffered a major cyberattack disclosed in April 2024, compromising the personal data of approximately half the nation’s population. The breach exposed call data records (CDRs), enabling potential reconstruction of sensitive communications, including those involving high-level government officials. The Personal Information Protection Commission (PIPC) fined the company 134.8 billion won ($97 million) for negligence in data protection, delayed breach reporting, and prolonged security lapses dating back to 2022. Investigations revealed systemic vulnerabilities, with regulators criticizing the company’s failure to address known weaknesses despite repeated opportunities.The attack raised national security concerns, as lawmakers warned that exposed call logs could endanger government communications and intelligence operations—mirroring incidents like China-linked hackers (Salt Typhoon) breaching U.S. telecoms (e.g., AT&T) to monitor senior officials. Public outrage in South Korea initially focused on ransomware and financial risks, but the broader implications included potential espionage, intelligence leaks, and threats to critical infrastructure. The government responded by proposing a National Cybersecurity Act to unify emergency responses and improve threat intelligence sharing. SK Telecom acknowledged the failings and pledged to prioritize data protection, though regulators mandated reforms, including waiving penalties for customers leaving the network.

SK Telecom (SKT), a major South Korean telecommunications provider, suffered a malware breach discovered in April 2025, exposing sensitive data of 27 million subscribers for years (potentially since August 2021). Threat actors infiltrated critical infrastructure, including the Home Subscriber Server (HSS), compromising USIM authentication keys (KI), IMSI numbers, IMEI identifiers, phone numbers, email addresses, and other personal data.The breach resulted from negligent security practices, including unprotected servers (no passwords), outdated OS without patches, and weak intranet defenses. The Personal Information Protection Commission fined SKT ~$96.53 million for failing to safeguard data and delaying customer notifications. SKT was forced to overhaul governance, adopt zero-trust architecture, expand encryption, form a red team, and elevate its CISO role. Customers received free USIM replacements, subscription discounts, and penalty-free contract cancellations.The incident severely damaged SKT’s reputation, financial standing, and operational trust, necessitating systemic reforms to prevent future breaches.

In March 2016, North Korea executed a GPS jamming attack targeting vessels in the demilitarized zone (DMZ) between North and South Korea, originating from five regions: Haeju, Yonan, Pyongyang, Kumgang, and Kaesong. The attack disrupted navigation systems of nearly 700 fishing vessels, endangering maritime safety and operations. Additionally, the jamming interfered with cell phone base stations, disrupting telecommunications infrastructure. This was the fourth such campaign since 2010, part of North Korea’s broader strategy of electronic warfare and provocation amid escalating tensions over nuclear and missile tests. South Korea issued a formal warning on April 1, threatening retaliatory action if the attacks persisted. The incident highlighted vulnerabilities in critical navigation and communication systems, with potential cascading effects on regional security and economic stability. While no direct casualties were reported, the attack posed risks to maritime trade, emergency response coordination, and civilian infrastructure, reinforcing concerns over North Korea’s cyber and electronic warfare capabilities.

SK Telecom, South Korea’s largest mobile carrier, suffered a massive data breach in 2024, traced back to a 2022 infiltration where attackers used 25 undetected malware strains for nearly three years. The breach exposed personal data of 27 million customers, including subscriber identity numbers, authentication keys, network logs, and SIM-stored messages. The financial fallout was severe: operating profit plummeted 90% (from 493B won to 48.4B won), sales dropped 12.2%, and the company suspended dividends for the first time since 2000. Regulatory penalties included a record 134B won ($96.5M) fine, while recovery efforts cost 500B won ($349M) in customer compensation (discounts, free data, voucher packages, and waived termination fees). The breach also triggered a two-month freeze on new subscriptions, accelerating customer churn. The attack forced a complete cybersecurity overhaul, SIM card replacements for millions, and long-term reputational damage, with the CFO framing it as a ‘crisis-to-opportunity’ pivot to restore trust.