Cyber Incident Victim: Slovak Telekom
Date:
Apr 2025
Location:
South Korea
Summary
SK Telecom experienced a cybersecurity breach where hackers infiltrated its internal systems and installed malware. The telecommunications firm detected the suspicious activity, promptly removed the malware, isolated affected equipment, and initiated a full-scale investigation. While indicating a possible USIM card data leak, no misuse of leaked information has been confirmed. Authorities, including the Korea Internet & Security Agency and the Ministry of Science and ICT, are investigating the incident's scope and cause. The company is reinforcing defenses against illegal USIM swaps and offering free protection services to customers.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 4 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 19, 2025, SK Telecom, South Korea's largest telecommunications provider, confirmed a breach of its internal systems by hackers. Suspicious activity was detected around 11 p.m. on the preceding Saturday, indicating unauthorized access where attackers infiltrated systems and deployed malware. Upon identifying the intrusion, SK Telecom acted immediately by removing the malicious software and isolating compromised equipment to contain the threat. The company concurrently initiated a comprehensive investigation across its entire infrastructure to assess the scope and impact. The breach raised concerns about a potential data leak specifically involving USIM card information, although SK Telecom stated no confirmed instances of the leaked data being misused had been found at the time of reporting. The company reported the incident to the Korea Internet & Security Agency (KISA).
In response to the breach, SK Telecom implemented precautionary security enhancements focused on preventing illegal USIM swaps and blocking abnormal authentication attempts. As a customer protection measure, SK Telecom announced it would offer a USIM protection service free of charge upon request. The company publicly committed to strengthening its company-wide security systems to prevent recurrence and restore customer trust. Concurrently, South Korean authorities, including the Ministry of Science and ICT and KISA, launched their own investigation into the breach's scope and cause, forming an emergency response team. The ICT Ministry directed SK Telecom to preserve and submit relevant breach data, while KISA dispatched experts to provide technical support for identifying the cause and preventing further damage. SK Telecom potentially faces legal sanctions under Article 29 of South Korea's Personal Information Protection Act, which mandates security measures; violations could result in fines of up to 3 percent of related revenue. Depending on severity, administrative fines might be imposed instead, with leaks involving over 1,000 records potentially incurring fines up to 50 million won ($35,200), adjusted based on violation specifics.