Article Details

SK Telecom cyberattack: Free SIM replacements for 25 million customers. South Korean mobile provider SK Telecom has announced free SIM card replacements to its 25 million mobile customers following a recent USIM data breach, but only 6 million cards are available through May. SK Telecom is the country's largest mobile network operator, serving roughly half of the domestic mobile phone market. On April 19, the company detected a malware running on its network that allowed threat actors to steal customers' Universal Subscriber Identity Module (USIM) data, typically including International Mobile Subscriber Identity (IMSI), Mobile Station ISDN Number (MSISDN), authentication keys, network usage data, and SMS or contacts if stored on the SIM. No customer names, other identification details, or financial information were exposed due to this incident. The main risk from this breach is the potential for threat actors to perform unauthorized number ports to cloned SIM cards, known as "SIM swapping." In an update published earlier today, SK Telecom assured customers that such requests would be automatically detected and blocked by its Fraud Detection System (FDS) and SIM Protection Service, which have been enhanced to handle the elevated risk. As of today, SK Telecom is also offering free-of-charge SIM card replacements to 25 million mobile subscribers, including approximately 2 million using budget carriers, who are worried about the potential for SIM swapping attacks impacting them. However, the mobile carrier warns that due to a lack of inventory, they can only replace up to 6 million SIM cards through May 2025. "Currently, SK Telecom holds 1 million SIM cards and plans to secure 5 million more by the end of May 2025," reads the update. "Due to potential congestion, customers are encouraged to use the online reservation system (care.tworld.co.kr) to book their SIM replacement in advance." Only customers who subscribed as of April 18, 2025, at midnight (Japan time), are eligible for SIM replacement. Meanwhile, the firm has published an FAQ about the cybersecurity incident, which states that investigations into the exact causes and scope are still ongoing but have not yet confirmed "secondary damage or dark web leaks." The FAQ also clarifies that roaming services have been disabled for subscribers who have activated SIM Protection, but they plan to upgrade the feature to make it usable while abroad for optimal protection. Finally, all impacted customers will be receiving a personalized message with security instructions soon.