South Korea’s telecom giant SK Telecom has confirmed its worst cybersecurity breach in history, impacting nearly half the country’s population. The April 2025 breach compromised sensitive SIM data, triggered mass customer exits, and may cost the company over $5 billion. Investigations suggest a China-backed campaign exploiting Ivanti VPN vulnerabilities.
In April 2025, South Korea’s largest telecom company, SK Telecom (SKT), faced a catastrophic cyberattack that compromised the personal data of 23 million users—a figure amounting to nearly half of South Korea’s population. This historic breach exposed deeply sensitive subscriber data, raising questions about SK Telecom’s preparedness in the face of modern cyber threats.
The compromised data, as revealed by the Personal Information Protection Committee (PIPC), includes 25 categories of personal information such as mobile numbers, IMSI numbers, USIM authentication keys, and other unique identifiers. This exposure heightened the risk of SIM-swapping attacks, government surveillance, and fraudulent access to telecom services.
SK Telecom confirmed the breach on April 22, but acknowledged internally detecting anomalies as early as April 18. Over the following weeks, the company launched a SIM card replacement initiative, though shortages of USIM cards slowed the rollout, and offered free protection services and enhanced fraud detection tools.
The breach has led to widespread public distrust. CEO Young-sang Ryu testified before South Korea’s National Assembly, revealing that 250,000 users had already switched to rival providers. He projected that up to 2.5 million customers may leave if SKT waives contract termination fees. He warned the financial impact could surpass ₩7 trillion (~$5 billion) over the next three years.
The company, under immense public pressure, is now debating whether to waive cancellation penalties, a decision that could serve as both damage control and an act of consumer goodwill. Meanwhile, Chairman Tae-won Chey of SK Group, the conglomerate behind SKT, issued a public apology on May 7—nearly three weeks after the breach. His delayed acknowledgment has drawn criticism from lawmakers and data privacy advocates.
The breach is part of a larger global pattern of cyber intrusions reportedly backed by Chinese state-affiliated groups. Local media reported that SKT and other major firms used Ivanti VPN systems, which were recently identified by cybersecurity firm TeamT5 as vulnerable entry points exploited by China-linked actors.
In total, 20 industries across 12 countries were affected by similar attacks, including targets in the United States, Taiwan, and Australia. The attackers reportedly deployed multiple strains of malware into SKT’s systems, with the latest analysis revealing 12 types of malware on key infrastructure, particularly the Home Subscriber Server (HSS) that stores user identity, mobility, and authentication data.
SKT has since collaborated with law enforcement and private cybersecurity firms in a joint investigation. Its immediate response included isolating infected systems, setting up SIM protection, and bolstering fraud detection, but critics argue the company’s delayed response allowed for significant data exfiltration.