- SK Telecom suffered a data breach that was discovered in April 2025
- This affected around 27 million people
- The company has been fined for it and will have to make significant changes to its operations
SK Telecom (SKT), one of the largest telecommunications service providers in South Korea, was fined almost $100 million for failing to protect user data.
In April 2025, the company discovered a malware breach that had allowed threat actors to hide in its systems for years. Some researchers even claim that the attack began in August 2021.
The miscreants targeted SKT's Home Subscriber Server (HSS) and other critical infrastructure, exposing sensitive subscriber data, including USIM authentication keys, International Mobile Subscriber Identity (IMSI) numbers, IMEI device identifiers, telephone numbers, email addresses and possibly other personal data.
“Very low condition”
About 27 million people were affected by the breach.
Now PK Press Club reports that the government's Personal Information Protection Committee has published a statement confirming the fine of around 134 billion won ($96.53 million) for having “neglected its duty to take security measures” and for “delays in the notification of leakage to customers”.
The statement also says that SKT's systems were in a “very low condition”, which allowed the threat actors to access the company’s intranet. There were no passwords or other security measures protecting servers from outside interference, and operating systems were obsolete and running without the latest security fixes.
In addition to being obliged to pay the fine, the company will also have to “strengthen the safety rules on information protection” and reorganize its governance.
Responding to a PK Press Club inquiry, SK Telecom said that it “looked like a great responsibility” and would make protecting customer information an “absolute priority”.
In response, it launched an “information security innovation plan”, which includes implementing a zero-trust architecture, expanding encryption, training a red team, elevating the role of the CISO to report directly to the CEO and adding cybersecurity experts to the board of directors.
Customers received free USIM card replacements and a 50% reduction in August subscription fees. In addition, anyone who wanted to cancel their contract early was allowed to do so at no additional cost.
Via PK Press Club