SK Telecom Suffers Data Breach, South Korea Enforces Strict Cybersecurity Measures

• South Korea announced the implementation of more cybersecurity measures following the April SKT breach.
• Among these are an increased frequency of security audits and the direct oversight of data governance practices.
• More resources are to be allocated to personnel and technology dedicated to data security.

The South Korean government has issued a strong response to a significant cybersecurity breach at SK Telecom (SKT), the nation’s largest mobile carrier, which resulted in the leakage of 26.96 million pieces of user data. 

The data breach, attributed to a malware attack disclosed in April, has triggered concerns about data security across the country’s telecommunications sector.  

South Korea's Ministry of Science and ICT announced a penalty of 30 million won (approximately US $21,970) against SK Telecom. Alongside the fine, the ministry has mandated a series of stringent measures to bolster the company’s cybersecurity framework. 

These include conducting security audits at least once every quarter, appointing the Chief Executive Officer to directly oversee data governance practices, and allocating more resources to personnel and technology dedicated to data security.  

Science Minister Yoo Sang-im emphasized that the breach represents a crucial "wake-up call" for reinforcing information protection not only in the telecommunications industry but also across broader network infrastructure. 

The ministry said almost 10 GB of data was compromised, 33 types of malware infected SKT servers, including BPFDoor, and 25 types of USIM-related data leaked – including phone numbers and 27 million International Mobile Subscriber Identity (IMSI) records.

From SK Telecom's 23 million customers, nearly 1 million users switched carriers. On Friday, the government proposed exempting early termination fees for users who have moved to other mobile carriers due to the breach.

Responding to the incident, SK Group Chairman Chey Tae-won issued a public apology, acknowledging the severity of the security lapse. 

To address customer concerns, SK Telecom has pledged to replace USIMs free of charge for all affected users, a service now available at over 2,600 retail outlets nationwide. 

This breach has also reignited conversations around data governance in South Korea, pushing companies to prioritize cybersecurity investments and compliance in their operational strategies.