SK Telecom faced a catastrophic USIM (Universal Subscriber Identity Module) data breach affecting 27 million users, leading to its first projected quarterly loss since earnings reporting began. The incident triggered a 1 trillion won (~$705M) compensation program, including 50% mobile rate discounts, extra data, and expanded partnerships, alongside a 134.8 billion won regulatory fine—the largest-ever penalty by South Korea’s Personal Information Protection Commission—for negligence and delayed user notifications. The breach caused mass customer defection to competitors (e.g., KT gained 280,000 subscribers), while SK Telecom’s Q3 operating profit plummeted 91.8% year-on-year to 43.7 billion won, with a consolidated operating loss of 27.4 billion won. The financial and reputational damage extended to weakened Q4 outlook, compounded by regulatory scrutiny and eroded trust in data security.
TPRM report: https://www.rankiteo.com/company/sk-telecom
"id": "sk-5462054101625",
"linkid": "sk-telecom",
"type": "Breach",
"date": "10/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '~27 million (USIM data leak)',
'industry': 'Telecom',
'location': 'South Korea',
'name': 'SK Telecom',
'size': "Large (one of South Korea's three major "
'telecoms)',
'type': 'Telecommunications'},
{'customers_affected': '~5,561 (IMSI exposure), 362 '
'confirmed fraud victims',
'industry': 'Telecom',
'location': 'South Korea',
'name': 'KT Corporation',
'size': 'Large',
'type': 'Telecommunications'},
{'customers_affected': 'Indirectly affected (gained '
'subscribers from SK Telecom)',
'industry': 'Telecom',
'location': 'South Korea',
'name': 'LG Uplus',
'size': 'Large',
'type': 'Telecommunications'}],
'attack_vector': ['Negligence in safety measures (SK Telecom)',
'Illegal base stations intercepting verification codes (KT)',
'Delay in notifying users (SK Telecom)'],
'customer_advisories': ['SK Telecom: 50% discount on mobile rates, extra 50GB '
'data, expanded partnership discounts',
'KT: Notification to 362 confirmed fraud victims'],
'data_breach': {'data_exfiltration': ['Confirmed (SK Telecom USIM data)',
'Confirmed (KT IMSI data via illegal '
'base stations)'],
'number_of_records_exposed': ['~27 million (SK Telecom)',
'~5,561 (KT)'],
'personally_identifiable_information': ['USIM data (includes '
'subscriber '
'identities)',
'IMSI (unique '
'identifier for '
'mobile users)'],
'sensitivity_of_data': 'High (USIM/IMSI data can enable '
'identity theft, SIM swapping, and '
'unauthorized access)',
'type_of_data_compromised': ['Universal Subscriber Identity '
'Module (USIM) data (SK Telecom)',
'International Mobile Subscriber '
'Identity (IMSI) (KT)']},
'description': 'The telecom sector in South Korea faced significant financial '
'and operational impacts due to two major cybersecurity '
"incidents: (1) SK Telecom's large-scale leak of USIM data "
'affecting nearly 27 million users, leading to regulatory '
"fines, compensation payouts, and customer churn; (2) KT's "
'mobile payment fraud incident involving illegal base stations '
'intercepting verification codes, exposing IMSI data of ~5,561 '
'users and causing ~240 million won in losses. The incidents '
'resulted in a projected 33% year-on-year drop in aggregate '
'third-quarter operating profit for SK Telecom, KT, and LG '
'Uplus, with SK Telecom expecting its first quarterly loss '
'since reporting earnings.',
'impact': {'brand_reputation_impact': ["Severe damage to SK Telecom's "
'reputation',
'KT faced reputational risks due to '
'mobile payment fraud'],
'conversion_rate_impact': ['KT gained ~280,000 subscribers from SK '
'Telecom',
'LG Uplus experienced modest growth'],
'data_compromised': ['USIM data of ~27 million users (SK Telecom)',
'International Mobile Subscriber Identity '
'(IMSI) of ~5,561 users (KT)'],
'financial_loss': ['1 trillion won (SK Telecom compensation '
'program)',
'134.8 billion won (regulatory fine for SK '
'Telecom)',
'240 million won (KT unauthorized payments)',
'Projected 27.4 billion won consolidated '
'operating loss (SK Telecom)'],
'identity_theft_risk': ['High (USIM data exposure for 27 million '
'users)',
'High (IMSI exposure for 5,561 users)'],
'legal_liabilities': ['134.8 billion won fine for SK Telecom',
'Potential legal actions from affected '
'customers'],
'operational_impact': ['Customer churn (SK Telecom lost '
'subscribers to KT and LG Uplus)',
'Regulatory scrutiny and largest-ever '
'penalty by Personal Information Protection '
'Commission (SK Telecom)',
'Ongoing mobile payment fraud '
'investigations (KT)'],
'payment_information_risk': ['Unauthorized payments totaling ~240 '
'million won (KT)'],
'revenue_loss': ['SK Telecom: 12.96% drop in revenue (3.94 '
'trillion won vs. prior year)',
'Aggregate 33% drop in operating profit for all '
'three carriers (829.2 billion won vs. 1.24 '
'trillion won prior year)']},
'initial_access_broker': {'entry_point': ['Unknown (SK Telecom USIM leak)',
'Illegal base stations intercepting '
'verification codes (KT)'],
'high_value_targets': ['USIM data (SK Telecom)',
'Mobile payment verification '
'codes (KT)']},
'investigation_status': ['Ongoing (KT mobile payment fraud - additional '
'illegal base stations discovered)',
'Completed (SK Telecom USIM leak - regulatory fine '
'imposed)'],
'lessons_learned': ['Importance of timely incident disclosure to users and '
'regulators',
'Need for robust security measures for subscriber '
'identity data (USIM/IMSI)',
'Vulnerabilities in mobile payment verification systems '
'can lead to large-scale fraud',
'Compensation programs can mitigate customer churn but '
'may not fully restore reputation'],
'motivation': ['Financial Gain', 'Fraud'],
'post_incident_analysis': {'corrective_actions': ['SK Telecom: Compensation '
'program and regulatory '
'compliance improvements '
'(implied)',
'KT: Shutdown of illegal '
'base stations and '
'investigation into fraud '
'scheme'],
'root_causes': ['SK Telecom: Neglect of safety '
'measures for USIM data storage '
'and delayed incident notification',
'KT: Inadequate security for '
'mobile payment verification '
'(vulnerability to illegal base '
'station spoofing)']},
'recommendations': ['Enhance encryption and access controls for USIM/IMSI '
'data',
'Implement multi-factor authentication for mobile '
'payments',
'Strengthen monitoring for illegal base stations and SIM '
'swapping attempts',
'Proactive communication with customers and regulators '
'during incidents',
'Regular security audits for telecom infrastructure'],
'references': [{'source': 'FnGuide (financial data provider)'},
{'source': 'Government-private joint investigation team report '
'(KT mobile payment fraud)'},
{'source': 'Personal Information Protection Commission (SK '
'Telecom fine)'}],
'regulatory_compliance': {'fines_imposed': ['134.8 billion won (SK Telecom)'],
'regulations_violated': ['Personal Information '
'Protection Act (South '
'Korea) - SK Telecom fined '
'for neglecting safety '
'measures and delayed user '
'notification'],
'regulatory_notifications': ['Personal Information '
'Protection Commission '
'(SK Telecom)']},
'response': {'communication_strategy': ['SK Telecom: Public disclosure of '
'compensation program',
'KT: Confirmation of fraud victims '
'and losses'],
'containment_measures': ['SK Telecom: 5 trillion won '
'compensation package (50% discount on '
'mobile rates, extra 50GB data, '
'expanded partnership discounts)',
'KT: Investigation and shutdown of '
'illegal base stations (24 confirmed)'],
'law_enforcement_notified': True,
'third_party_assistance': ['Government-private joint '
'investigation team (KT mobile '
'payment fraud)']},
'threat_actor': ['Unknown (SK Telecom USIM leak)',
'Two Chinese nationals (KT mobile payment fraud)'],
'title': 'SK Telecom USIM Data Breach and KT Mobile Payment Fraud Incidents',
'type': ['Data Breach', 'Fraud', 'Unauthorized Access'],
'vulnerability_exploited': ['Lack of adequate security measures for USIM data '
'(SK Telecom)',
'Weakness in mobile payment verification system '
'(KT)']}