SK Telecom Challenges Record $91M Fine Over 2024 Data Breach
South Korea’s Personal Information Protection Commission (PIPC) has imposed a record $91 million fine on SK Telecom for its delayed disclosure of a 2024 cyberattack that exposed the universal subscriber identity module (USIM) data of all 23 million customers. The penalty the largest in the regulator’s six-year history surpasses the combined fines levied against Meta and Google in 2022.
SK Telecom, South Korea’s leading telecommunications provider, has contested the fine, arguing that the breach did not result in financial losses for subscribers and citing its post-incident security investments and reforms. The company also questioned the fairness of the penalty compared to those imposed on Meta and Google.
In a separate case, Google agreed to an $8.25 million settlement in a class-action lawsuit alleging illegal data collection from devices used by children under 13. The case, reported by The Record, highlights growing scrutiny over tech companies’ handling of minors’ data.
Meanwhile, AWS launched its EU Sovereign Cloud, a new offering designed to meet strict European data residency requirements. The cloud, managed by EU-based staff under a German parent company, ensures that metadata, billing, and identity systems remain within the EU, addressing concerns over cross-border data transfers.
In the U.S., the Federal Trade Commission (FTC) finalized an order against General Motors (GM) over allegations that its OnStar "Smart Driver" feature collected precise geolocation and driving behavior data every three seconds without proper consent. The complaint, filed in January 2025, underscores regulatory pressure on automakers over unauthorized data tracking.
Source: https://www.scworld.com/brief/record-data-breach-penalty-challenged-by-sk-telecom
SK Telecom cybersecurity rating report: https://www.rankiteo.com/company/sk-telecom
General Electric Company cybersecurity rating report: https://www.rankiteo.com/company/general-electric-company
"id": "SK-GEN1768955987",
"linkid": "sk-telecom, general-electric-company",
"type": "Breach",
"date": "6/2022",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '23 million',
'industry': 'Telecommunications',
'location': 'South Korea',
'name': 'SK Telecom',
'size': 'Leading provider',
'type': 'Telecommunications Provider'}],
'data_breach': {'number_of_records_exposed': '23 million',
'sensitivity_of_data': 'High (USIM data)',
'type_of_data_compromised': 'Universal subscriber identity '
'module (USIM) data'},
'date_detected': '2024',
'description': 'South Korea’s Personal Information Protection Commission '
'(PIPC) imposed a record $91 million fine on SK Telecom for '
'delayed disclosure of a 2024 cyberattack that exposed the '
'universal subscriber identity module (USIM) data of all 23 '
'million customers.',
'impact': {'brand_reputation_impact': 'Contested by SK Telecom, citing '
'post-incident security investments',
'data_compromised': 'Universal subscriber identity module (USIM) '
'data',
'financial_loss': '$91 million (fine)',
'legal_liabilities': 'Record fine imposed by PIPC'},
'investigation_status': 'Fine imposed, contested by SK Telecom',
'post_incident_analysis': {'corrective_actions': 'Post-incident security '
'investments and reforms'},
'references': [{'source': 'The Record'}],
'regulatory_compliance': {'fines_imposed': '$91 million',
'regulations_violated': 'Personal Information '
'Protection Commission '
'(PIPC) regulations'},
'response': {'communication_strategy': 'Contested the fine, arguing no '
'financial losses for subscribers',
'remediation_measures': 'Post-incident security investments and '
'reforms'},
'title': 'SK Telecom Data Breach and Record Fine',
'type': 'Data Breach'}