SK Telecom

SK Telecom, South Korea’s largest telecom operator, faced a high-profile cyber incident in April where an international hacking group, **Scattered Lapsus$**, claimed to have stolen **personal data of 27 million users** (including IDs, full names, phone numbers, emails, addresses, and birthdates). The group demanded $10,000 for a 100GB sample and threatened to leak the full dataset along with admin access if negotiations failed. While SK Telecom denied the breach—asserting the sample data and FTP screenshots were fabricated—the **Ministry of Science and ICT launched an investigation**, demanding transparency. The incident eroded consumer trust, causing SK Telecom’s **market share to drop below 40% for the first time in a decade**, with users switching carriers amid fears of data misuse. The prolonged scrutiny and reputational damage highlight systemic vulnerabilities in telecom security, compounded by the group’s persistent threats and public distrust in the company’s response.

Source: https://www.koreatimes.co.kr/business/tech-science/20250916/leading-telecoms-struggle-with-aftermath-of-data-breach

TPRM report: https://www.rankiteo.com/company/sk-telecom

"id": "sk-3932739091625",
"linkid": "sk-telecom",
"type": "Breach",
"date": "4/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': '27 million (claimed; denied by '
                                              'SK Telecom)',
                        'industry': 'Telecommunications',
                        'location': 'South Korea',
                        'name': 'SK Telecom',
                        'size': "Large (Nation's largest telecom operator)",
                        'type': 'Telecommunications Operator'},
                       {'customers_affected': '278 (fraud cases) + 5,561 '
                                              '(potential IMSI compromise)',
                        'industry': 'Telecommunications',
                        'location': 'South Korea',
                        'name': 'KT Corporation',
                        'size': 'Large',
                        'type': 'Telecommunications Operator'}],
 'attack_vector': ['Hacking (Claimed by Scattered Lapsus$)',
                   'Rogue Cellular Base Stations (KT Incident)',
                   'Interception of Payment Verifications'],
 'customer_advisories': ['KT users advised to monitor accounts for '
                         'unauthorized transactions',
                         'General anxiety among telecom users in South Korea'],
 'data_breach': {'data_exfiltration': ['SK Telecom: Claimed 100 GB sample '
                                       '(denied by company)',
                                       'KT: Unclear (IMSI data potentially '
                                       'intercepted)'],
                 'file_types_exposed': ['SK Telecom: FTP screenshots, sample '
                                        'datasets (fabricated, per company)',
                                        'KT: Unknown'],
                 'number_of_records_exposed': ['SK Telecom: 27 million '
                                               '(claimed)',
                                               'KT: 5,561 (IMSI data)'],
                 'personally_identifiable_information': ['SK Telecom: User '
                                                         'IDs, full names, '
                                                         'phone numbers, '
                                                         'emails, addresses, '
                                                         'birthdates (claimed)',
                                                         'KT: IMSI data (5,561 '
                                                         'users)'],
                 'sensitivity_of_data': 'High (PII for SK Telecom; IMSI for '
                                        'KT)',
                 'type_of_data_compromised': ['SK Telecom (claimed): User IDs, '
                                              'full names, phone numbers, '
                                              'emails, addresses, birthdates',
                                              'KT: International Mobile '
                                              'Subscriber Identity (IMSI) '
                                              'data']},
 'date_publicly_disclosed': '2024-05-28T00:00:00Z',
 'description': 'Korea’s major mobile carriers SK Telecom and KT are under '
                'scrutiny following a massive hacking incident at SK Telecom '
                'in April affecting 27 million users and a separate fraudulent '
                'mobile payment breach at KT. SK Telecom denied claims by the '
                'hacking group Scattered Lapsus$ that it possesses 100 GB of '
                'stolen customer data, including personal information like '
                'user IDs, full names, phone numbers, emails, addresses, and '
                'birthdates. Meanwhile, KT confirmed 278 cases of unauthorized '
                'transactions totaling over 170 million won ($122,460) and '
                "potential compromise of 5,561 users' IMSI data due to rogue "
                'cellular base stations intercepting payment verifications.',
 'impact': {'brand_reputation_impact': ['Erosion of trust in SK Telecom and KT',
                                        'Negative media coverage',
                                        'Potential subscriber churn coinciding '
                                        'with iPhone 17 launch'],
            'customer_complaints': ['Growing concerns from consumers',
                                    'Daily checks for unauthorized payments by '
                                    'KT users',
                                    'Anxiety over potential future breaches'],
            'data_compromised': {'KT': "5,561 users' IMSI data potentially "
                                       'compromised',
                                 'SK_Telecom': 'Claimed: 27 million user '
                                               'records (100 GB sample offered '
                                               'for $10,000; includes user '
                                               'IDs, full names, phone '
                                               'numbers, emails, addresses, '
                                               'birthdates)'},
            'financial_loss': {'KT': '170,000,000 KRW (~$122,460 USD)',
                               'SK_Telecom': None},
            'identity_theft_risk': ['High (if SK Telecom data breach claims '
                                    'are true)',
                                    'Moderate (KT IMSI data compromise)'],
            'operational_impact': ['Market share drop for SK Telecom (below '
                                   '40% for the first time in a decade)',
                                   'Customer anxiety and potential churn for '
                                   'both carriers',
                                   'Regulatory scrutiny and investigations by '
                                   'Ministry of Science and ICT'],
            'payment_information_risk': ['High (KT fraudulent transactions)',
                                         'Low (SK Telecom denies breach)']},
 'initial_access_broker': {'data_sold_on_dark_web': 'SK Telecom: Claimed 100 '
                                                    'GB sample offered for '
                                                    '$10,000 on Telegram '
                                                    '(denied by company)',
                           'entry_point': ['SK Telecom: Unverified (claimed by '
                                           'Scattered Lapsus$)',
                                           'KT: Rogue cellular base stations '
                                           'intercepting payment '
                                           'verifications'],
                           'high_value_targets': ['SK Telecom: Customer '
                                                  'database (claimed)',
                                                  'KT: Mobile payment '
                                                  'verification system']},
 'investigation_status': 'Ongoing (Ministry of Science and ICT leading '
                         'investigations for both incidents)',
 'motivation': ['Financial Gain (Data Sale by Scattered Lapsus$)',
                'Fraud (KT Mobile Payment Breach)'],
 'references': [{'date_accessed': '2024-05-28',
                 'source': 'The Korea Herald (or original article source)'}],
 'regulatory_compliance': {'regulatory_notifications': ['Ministry of Science '
                                                        'and ICT investigating '
                                                        'SK Telecom',
                                                        'KT reporting to '
                                                        'authorities']},
 'response': {'communication_strategy': ['SK Telecom: Public denial of breach, '
                                         'transparency pledge',
                                         'KT: Public apology, ongoing updates'],
              'incident_response_plan_activated': ['SK Telecom: Denied breach, '
                                                   'working with authorities',
                                                   'KT: High-profile apology, '
                                                   'cooperation with Ministry '
                                                   'of Science and ICT'],
              'law_enforcement_notified': ['Ministry of Science and ICT '
                                           'investigating SK Telecom incident',
                                           'KT collaborating with '
                                           'authorities']},
 'stakeholder_advisories': ['SK Telecom: Reassuring users, denying breach '
                            'claims',
                            'KT: Apology issued, monitoring for further fraud'],
 'threat_actor': 'Scattered Lapsus$ (claimed, unverified for SK Telecom)',
 'title': 'Data Breach and Fraudulent Mobile Payment Incidents at SK Telecom '
          'and KT',
 'type': ['Data Breach',
          'Fraud (Mobile Payment)',
          'Unauthorized Access',
          'Social Engineering (Rogue Base Stations)'],
 'vulnerability_exploited': ['Unknown (SK Telecom denies breach)',
                             'Weakness in Mobile Payment Verification Process '
                             '(KT)']}