SK Telecom, South Korea’s largest mobile operator, has confirmed a security breach involving customer SIM-related information following a malware infection discovered late on April 19. The attack, which occurred around 11:00 PM local time on Saturday, exploited a period when many organizations typically operate with reduced staffing.

SK Telecom servers approximately 34 million subscribers and holds a 48.4% share of the national mobile phone service market, revealed that hackers accessed certain sensitive data due to the malware intrusion.

SK Telecom Hit by Malware Attack

According to the official statement from SK Telecom, the company detailed a swift and structured response following the discovery of the incident. Malware was initially detected on the evening of April 19, triggering immediate internal alerts. In line with regulatory requirements, the company promptly reported the incident to the Korea Internet & Security Agency (KISA) on April 20.

Subsequently, on April 22 at 10:00 AM, SK Telecom also notified the Personal Information Protection Commission of the potential data exposure.

While the investigation is still ongoing, preliminary findings suggest that data such as the International Mobile Subscriber Identity (IMSI), Mobile Station ISDN Number (MSISDN), and other authentication-related details stored on the USIM could have been at risk.

As of now, there is no confirmed evidence that this information has been misused. However, given the sensitive nature of USIM data — which can potentially be exploited for activities such as targeted surveillance, location tracking, or SIM-swap fraud.

Conclusion

The company reassured users that customer notifications have been initiated, and additional safeguards are being developed to strengthen its security infrastructure moving forward. SK Telecom as part of its containment efforts, removed the malware and isolated the affected system to prevent any further risks.

Source:hxxps[://]news[.]sktelecom[.]com/211423

Follow cybersecurity88 on X and Linkedin for the latest cybersecurity news