In April 2025, SK Telecom, one of South Korea’s largest telecom providers, suffered a significant cyber intrusion where hackers infiltrated its network and exfiltrated over **10 gigabytes of SIM card data**. The breach was confirmed by South Korea’s **Ministry of Science and Information and Communication Technology (MSIT)** in July, following an investigation that inspected **42,000 servers**, uncovering **28 infected with advanced hacking tools**. The stolen data—likely containing **customer identity and authentication details**—poses severe risks, including **unauthorized SIM swaps, financial fraud, and identity theft**, particularly for **U.S. military personnel, Defense Department employees, and their families** who rely on SK Telecom’s services at bases like **Osan Air Base and Camp Humphreys**. The breach also raised allegations of an **international hacking organization selling the stolen data online**, amplifying concerns over **large-scale privacy violations and potential state-sponsored cyber espionage**. While SK Telecom operates kiosks on U.S. military installations, **U.S. Forces Korea issued an advisory only for this incident**, not the subsequent breaches at KT Corp. and LG Uplus. The MSIT emphasized the need for **transparency and swift action** due to rising public anxiety over recurrent telecom cyberattacks, though specific financial or operational damages remain undisclosed.
TPRM report: https://www.rankiteo.com/company/sk-telecom
"id": "sk-2162921092525",
"linkid": "sk-telecom",
"type": "Cyber Attack",
"date": "4/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Includes U.S. military '
'personnel at Camp Humphreys, '
'Osan Air Base',
'industry': 'Telecom',
'location': 'South Korea',
'name': 'SK Telecom',
'size': 'Large (Market leader)',
'type': 'Telecommunications Provider'},
{'customers_affected': 'Includes U.S. military '
'personnel at Camp Humphreys, '
'Osan Air Base',
'industry': 'Telecom',
'location': 'South Korea',
'name': 'KT Corp.',
'size': 'Large',
'type': 'Telecommunications Provider'},
{'customers_affected': 'Includes U.S. military '
'personnel at Camp Humphreys, '
'Osan Air Base',
'industry': 'Telecom',
'location': 'South Korea',
'name': 'LG Uplus',
'size': 'Large',
'type': 'Telecommunications Provider'},
{'customers_affected': 'Service members, DoD employees, '
'and families using local '
'telecom plans',
'industry': 'Defense',
'location': 'South Korea',
'name': 'U.S. Forces Korea (USFK)',
'type': 'Military Command'}],
'attack_vector': ['Network Infiltration',
'SIM Swapping (Micropayment Scam)',
'Advanced Hacking Tools',
'Data Exfiltration'],
'data_breach': {'data_exfiltration': 'Yes (10+ GB from SK Telecom, alleged '
'dark web sales)',
'personally_identifiable_information': 'Yes (SIM data, '
'identity/financial '
'info from '
'micropayment scams)',
'sensitivity_of_data': 'High (includes PII, financial data, '
'and potential military-affiliated '
'customer data)',
'type_of_data_compromised': ['SIM Card Data',
'Customer Identity Information',
'Financial Information '
'(Micropayment Scams)',
'Potential PII (under '
'investigation for LG Uplus)']},
'date_detected': ['2025-04-01', '2025-09-01'],
'date_publicly_disclosed': ['2025-07-05', '2025-09-09', '2025-09-16'],
'description': 'The South Korean government is investigating multiple data '
'breach incidents at three of the country’s largest cellphone '
'service providers—SK Telecom, KT Corp., and LG Uplus—all of '
'which sell plans to U.S. military customers. The breaches '
'involve customer data hacking, micropayment scams, and '
'large-scale data theft, with at least 10 GB of SIM card data '
'stolen from SK Telecom in April 2025. Investigations are '
'ongoing, with allegations of international hacking '
'organizations selling stolen data online. KT Corp. faced an '
'unauthorized micropayment incident, while LG Uplus is under '
'probe for large-scale customer data theft. The incidents have '
'raised public anxiety, prompting the Ministry of Science and '
'Information and Communication Technology (MSIT) to launch '
'joint investigations and pledge transparency.',
'impact': {'brand_reputation_impact': 'High (multiple breaches at major '
'providers, U.S. military customers '
'affected)',
'customer_complaints': 'Increased public anxiety reported',
'data_compromised': ['SIM Card Data (10+ GB from SK Telecom)',
'Customer Identity/Financial Information (KT '
'Micropayment Scam)',
'Large-Scale Customer Data (LG Uplus, under '
'investigation)'],
'identity_theft_risk': 'High (SIM swapping, micropayment scams)',
'operational_impact': ['Joint public-private investigation (KT '
'Corp.)',
'U.S. Forces Korea advisory issued (SK '
'Telecom, April 2025)'],
'payment_information_risk': 'High (micropayment scams, financial '
'data exposure)',
'systems_affected': ['42,000+ servers inspected (SK Telecom)',
'28 servers infected with advanced hacking '
'tools (SK Telecom)']},
'initial_access_broker': {'backdoors_established': 'Yes (28 servers infected '
'with advanced hacking '
'tools at SK Telecom)',
'data_sold_on_dark_web': 'Alleged (SK Telecom '
'customer data)',
'high_value_targets': 'Potential (U.S. military '
'customers)'},
'investigation_status': 'Ongoing (MSIT-led joint investigation for KT Corp.; '
'probes for SK Telecom and LG Uplus)',
'motivation': ['Financial Gain (Micropayment Scams)',
'Data Theft for Resale (Dark Web)',
'Espionage (potential, given U.S. military customer '
'involvement)'],
'ransomware': {'data_exfiltration': 'Yes (SK Telecom, 10+ GB)'},
'references': [{'date_accessed': '2025-09-16',
'source': 'Ministry of Science and Information and '
'Communication Technology (MSIT), South Korea'},
{'date_accessed': '2025-09-23', 'source': 'Stars and Stripes'},
{'source': 'U.S. Federal Communications Commission (FCC)'}],
'regulatory_compliance': {'regulatory_notifications': 'Yes (MSIT '
'investigations, public '
'disclosures)'},
'response': {'communication_strategy': ['Public advisories (MSIT news '
'releases on 2025-09-09 and '
'2025-09-16)',
'U.S. Forces Korea advisory (April '
'2025, SK Telecom only)'],
'containment_measures': ['Server inspections (42,000+ for SK '
'Telecom)',
'Identification of 28 infected servers '
'(SK Telecom)'],
'incident_response_plan_activated': 'Yes (Joint public-private '
'investigation team for KT '
'Corp.)',
'law_enforcement_notified': 'Yes (MSIT-led investigation)'},
'stakeholder_advisories': ['U.S. Forces Korea advisory (April 2025, SK '
'Telecom)',
'MSIT public releases (2025-09-09 and 2025-09-16)'],
'threat_actor': ['International Hacking Organization (alleged)',
'Unknown (under investigation)'],
'title': 'Series of Data Breaches at Major South Korean Telecom Providers '
'Affecting U.S. Military Customers',
'type': ['Data Breach',
'Micropayment Scam',
'Unauthorized Access',
'Advanced Persistent Threat (APT)']}