- SK Telecom suffered a data violation that was discovered in April 2025
- It affected approx. 27 million people
- The company was fined for that and will have to make significant changes in its operations
SK Telecom (Skt), one of the largest providers of telecommunications services in South Korea, was fined nearly $ 100 million for not protecting user data.
In April 2025, the company discovered a malware overgrowth that allowed threat players to lurk within its systems for years. Some researchers even claim that the attack started in August 2021.
MISCREEINTS targeted SKT’s Home Subscriber Server (HSS) and other critical infrastructure that reveals sensitive subscriber data, including USIM approval keys (KI), International Mobile Subscriber Identity (IMSI) numbers, IMEI unit identifiers, telephone numbers, e -mail addresses and possibly other personal data.
“Very weak condition”
About 27 million people were affected by the violation.
Now, Pakinomist reports that the government -controlled personal information protection commission issued a statement confirming the fine of around 134 billion won ($ 96.53 million) to “neglect its duty to take security measures” and for “delays in giving the leak to customers”.
The statement also claims that SKT’s systems were in a “very weak condition” which allowed threat actors to access the company’s intranet. There were no passwords or other security measures that defended the servers from outside, and operating systems were outdated and drove without the latest security fixes.
In addition to being forced to pay the fine, the company also has to “strengthen the security rules on information protection” and renew its governance.
In response to a Pakinomist study, SK Telecom said it “felt a serious responsibility” and will make the protection of customer information a “highest priority”.
In response, it launched an “Information Security Innovation Plan”, which includes implementation of zero-thrust architecture, enlargement of encryption, formed a red team that lifts the CISO role to report directly to CEO and add cybersecurity experts to the board.
Customers received free USIM card replacements and were offered a 50% discount on August subscription fees. Furthermore, the one who would cancel their contract premature was allowed to do so without extra fees.
Via Pakinomist
