SK Telecom says malware breach lasted 3 years, impacted 27 million numbers

SK Telecom says that a recently disclosed cybersecurity incident in April, first occurred all the way back in 2022, ultimately exposing the USIM data of 27 million subscribers. SK Telecom is the largest mobile network operator in South Korea, holding roughly half of the national market. On April 19, 2025, the company detected malware on its networks and responded by isolating the equipment suspected of being hacked. This breach allowed attackers to steal data that included IMSI, USIM authentication keys, network usage data, and SMS/contacts stored in the SIM. This exposure increased the risk of SIM-swapping attacks, so the company decided to issue SIM replacements for all subscribers while strengthening security measures to prevent unauthorized number porting actions. On May 8, 2025, a government committee investigating the incident declared that the malware infection compromised 25 data types. At the time, SK Telecom announced it would stop accepting new subscribers as it strugg ... Read full article.