- SK Telecom suspended new sign-ups amid a USIM card shortage after a cyberattack compromised data of 25 million users.
- The breach has prompted a surge in SIM replacements and legal action, with over 75,000 customers joining a class-action forum.
Massive data breach triggers SIM card crisis
On 18 April 2025, SK Telecom, South Korea’s leading mobile network operator, detected a cyberattack that compromised sensitive Universal Subscriber Identity Module (USIM) data of approximately 25 million users, including those on budget carriers using its infrastructure. The breach involved the theft of critical identifiers such as IMSI, IMEI, and authentication keys, raising concerns over potential SIM cloning and identity theft.
In response, SK Telecom initiated a nationwide programme offering free USIM card replacements to all affected customers. However, the initiative faced immediate challenges due to a limited supply of replacement cards, leading to long queues and customer frustration. As of early May, only about 1 million subscribers had replaced their USIMs, while another 7.7 million had registered for replacements.
To mitigate risks, the company also launched a USIM Protection Service, enrolling over 22 million users by 5 May.Despite these efforts, the South Korean government ordered SK Telecom to suspend new subscriber sign-ups until the USIM shortage was resolved and mandated the company to notify all potentially affected users individually, as required by law.
Also read: Orange Group probes cyberattack after data breach
Also read: Watering hole cyberattacks increase, warns APNIC
Why it’s important
The breach has significant implications for cybersecurity and consumer trust in South Korea’s telecommunications sector.The stolen USIM data could enable attackers to perform SIM swapping attacks, allowing unauthorized access to personal accounts and sensitive information. Public response has been swift, with over 75,000 customers joining a class-action forum to seek legal recourse.Additionally, the incident has driven customers toward budget mobile carriers, with some reporting a surge in USIM sales exceeding 1,000% in the days following the breach.
SK Telecom’s handling of the breach has drawn criticism for inadequate communication and insufficient support for vulnerable populations, such as the elderly and disabled. The government’s intervention underscores the necessity for robust data protection measures and transparent crisis management in the face of growing cyber threats.