SK Telecom, South Korea’s largest mobile carrier, suffered a massive data breach in 2024, traced back to a 2022 infiltration where attackers used 25 undetected malware strains for nearly three years. The breach exposed personal data of 27 million customers, including subscriber identity numbers, authentication keys, network logs, and SIM-stored messages. The financial fallout was severe: operating profit plummeted 90% (from 493B won to 48.4B won), sales dropped 12.2%, and the company suspended dividends for the first time since 2000. Regulatory penalties included a record 134B won ($96.5M) fine, while recovery efforts cost 500B won ($349M) in customer compensation (discounts, free data, voucher packages, and waived termination fees). The breach also triggered a two-month freeze on new subscriptions, accelerating customer churn. The attack forced a complete cybersecurity overhaul, SIM card replacements for millions, and long-term reputational damage, with the CFO framing it as a ‘crisis-to-opportunity’ pivot to restore trust.
Source: https://therecord.media/data-breach-costs-lead-to-profit-decline-south-korea-telecom
TPRM report: https://www.rankiteo.com/company/sk-telecom
"id": "sk-5102251110425",
"linkid": "sk-telecom",
"type": "Breach",
"date": "6/2000",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '27 million',
'industry': 'telecom',
'location': 'Seoul, South Korea',
'name': 'SK Telecom',
'size': 'large (27 million customers affected)',
'type': 'telecommunications carrier'}],
'attack_vector': ['malware (25 types)', 'undetected network infiltration'],
'customer_advisories': ['SIM card replacement program',
'50% mobile fee discount',
'waived contract termination fees',
'free data and vouchers as part of 500-billion-won '
'package'],
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': '27 million',
'personally_identifiable_information': True,
'sensitivity_of_data': 'high (includes authentication '
'credentials and identity data)',
'type_of_data_compromised': ['subscriber identity numbers',
'authentication keys',
'network activity logs',
'SIM-stored text messages']},
'date_detected': '2024-04-01',
'date_publicly_disclosed': '2024-04-01',
'description': 'South Korea’s major mobile carrier, SK Telecom, experienced a '
'large-scale cyberattack disclosed in April 2024, exposing the '
'personal data of about 27 million customers. The breach, '
'traced back to 2022, involved 25 types of malware that went '
'undetected for nearly three years. The stolen data included '
'subscriber identity numbers, authentication keys, network '
'activity logs, and SIM-stored text messages. The incident led '
'to a 90% drop in operating profit for Q3 2024, a record 134 '
'billion won ($96.5 million) fine, and a 500-billion-won ($349 '
'million) customer appreciation package to rebuild trust.',
'impact': {'brand_reputation_impact': ['loss of customer trust',
'increased churn due to fee '
'waivers/discounts',
'first quarterly loss since 2000'],
'data_compromised': {'data_types': ['subscriber identity numbers',
'authentication keys',
'network activity logs',
'SIM-stored text messages'],
'records_exposed': '27 million customers'},
'financial_loss': {'dividend_suspension': 'Q3 2024',
'operating_profit_drop': '90% (from 493 billion '
'won to 48.4 billion '
'won)',
'recovery_costs': 'included in 500 billion won '
'customer package',
'regulatory_fine': '134 billion won ($96.5 '
'million)',
'revenue_loss': '12.2% sales decline'},
'identity_theft_risk': 'high (subscriber identity numbers and '
'authentication keys compromised)',
'legal_liabilities': ['134 billion won regulatory fine',
'mandated cybersecurity overhaul'],
'operational_impact': ['suspended new subscriptions for 2 months',
'SIM card replacements for millions of '
'users',
'cybersecurity system overhaul mandated by '
'regulators'],
'revenue_loss': '12.2% sales decline in Q3 2024'},
'initial_access_broker': {'high_value_targets': ['subscriber identity data',
'authentication keys',
'network logs'],
'reconnaissance_period': 'nearly 3 years '
'(2022–2024)'},
'investigation_status': 'Ongoing (regulator-mandated overhaul in progress)',
'lessons_learned': ['Proactive detection of malware is critical to prevent '
'long-term undetected breaches.',
'Regular cybersecurity audits and vulnerability '
'assessments are essential for large-scale '
'infrastructure.',
'Customer trust recovery requires significant financial '
'investment and transparency.',
'Regulatory compliance and fines can compound financial '
'losses post-breach.'],
'post_incident_analysis': {'corrective_actions': ['Mandated cybersecurity '
'overhaul by regulators',
'Implementation of customer '
'trust recovery measures '
'(discounts, SIM '
'replacements)',
'Financial restructuring '
'(dividend suspension, cost '
'management)'],
'root_causes': ['Failure to detect 25 types of '
'malware for nearly 3 years',
'Inadequate network monitoring and '
'threat detection',
'Lack of proactive vulnerability '
'management']},
'recommendations': ['Implement advanced threat detection systems to identify '
'malware early.',
'Conduct regular third-party cybersecurity audits to '
'identify vulnerabilities.',
'Enhance employee training on cybersecurity best '
'practices and incident response.',
'Develop a robust communication plan for customer and '
'stakeholder notifications during breaches.',
'Invest in proactive measures like network segmentation '
'and behavioral analysis to prevent future intrusions.'],
'references': [{'source': 'SK Telecom Earnings Report (Q3 2024)'},
{'source': 'Local media reports (South Korea)'},
{'source': 'Regulatory fine announcement (South Korean '
'authorities)'}],
'regulatory_compliance': {'fines_imposed': '134 billion won ($96.5 million)',
'legal_actions': ['mandated cybersecurity overhaul',
'regulatory investigation'],
'regulatory_notifications': True},
'response': {'communication_strategy': ['public disclosure in April 2024',
'shareholder notification',
'customer advisories (SIM '
'replacements, discounts)'],
'containment_measures': ['suspended new subscriptions for 2 '
'months',
'SIM card replacements for affected '
'users'],
'incident_response_plan_activated': True,
'recovery_measures': ['500-billion-won ($349 million) customer '
'appreciation package (rate discounts, '
'free data, vouchers)',
'waived contract termination fees',
'50% mobile fee discount'],
'remediation_measures': ['cybersecurity system overhaul '
'(regulator-mandated)',
'replacement of compromised SIM cards']},
'stakeholder_advisories': ['Shareholder notification on financial impact (Q3 '
'2024 earnings report)',
'Public disclosure of breach details (April 2024)'],
'title': 'SK Telecom Large-Scale Data Breach (2022-2024)',
'type': ['data breach', 'cyberattack', 'malware intrusion']}