In April 2025, South Korea’s leading telecommunications provider SK Telecom (SKT) uncovered a long-standing software vulnerability that had allowed attackers to lurk within its internal systems for years. Some researchers believe the intrusion may have begun as early as August 2021.
The cybercriminals targeted SKT’s Home Subscriber Servers (HSS) and other critical infrastructure, stealing sensitive customer data including USIM authentication keys, International Mobile Subscriber Identities (IMSI), IMEI device identifiers, phone numbers, email addresses, and potentially other forms of personal information.
Subsequent investigations revealed that the breach impacted approximately 27 million South Korean users, out of the company’s total subscriber base of about 30 million. In response, the Personal Information Protection Commission (PIPC) imposed a record fine of 134 billion won (approximately $96.53 million USD or 6.88 billion RMB) on SKT.
The PIPC cited SKT’s failure to uphold its duty to implement adequate security safeguards and its delayed disclosure of the breach to customers as the primary reasons for the penalty. Regulators further noted that SKT’s systems were alarmingly vulnerable: attackers were able to access the internal network directly from the public internet; several servers lacked passwords or basic defenses; and the operating systems in use were outdated and missing critical patches.
In addition to the fine, SKT has been ordered to strengthen its governance and compliance structures in line with enhanced information protection regulations. The company has since acknowledged its responsibility, declaring that the protection of customer data will henceforth be treated as its highest priority.