A joint government–private investigation has found SK Telecom’s data breach was far larger than first disclosed, exposing SIM data for nearly 27 million users, authorities said on May 19.
The Ministry of Science and ICT and the Korea Internet & Security Agency (KISA) reported that investigators have now identified 23 malware-infected servers—up from five in April—and uncovered 25 distinct malware variants, up from four.
The hackers siphoned 26.95 million IMSI (International Mobile Subscriber Identity) records, more than SK Telecom’s customer base of roughly 25 million, suggesting that ex-subscribers on rival networks like KT and LG Uplus may also be affected. SK Telecom clarified that the tally includes SIMs in smartphones, smartwatches and IoT devices, and denied that any former-customer data was leaked.
Officials also flagged potential exposure of names, birthdates, phone numbers, email addresses and device IMEI codes after finding two servers that temporarily stored such data—including 291,831 IMEI entries. While no exfiltration occurred from December 2024 to April 2025, investigators cannot rule out leaks between June 2022 and December 2024, when the malware was active.
If IMEIs were stolen alongside IMSIs, the risk of SIM cloning could rise, despite SK Telecom’s USIM-lock service. Experts advise affected users to replace their SIM cards. A government spokesman added that SK Telecom’s new fraud-detection system (FDS) should block misuse of any leaked information.
The Ministry instructed SK Telecom on May 11 to audit for further leaks and mitigate risks, and notified the Personal Information Protection Commission on May 13 of possible personal data compromises.