SK Telecom warns customer USIM data exposed in malware attack

South Korea’s largest mobile operator, SK Telecom, is warning that a malware infection allowed threat actors to access sensitive USIM-related information for customers.

SK Telecom is the largest mobile network operator in South Korea, holding approximately 48.4% of the mobile phone service market in the country, corresponding to 34 million subscribers.

The company says they detected malware on their systems at 11 PM local time on Saturday, April 19, 2025, in a weekend cyberattack when most organizations are understaffed.

“Once we became aware of the possible leak, we immediately deleted the malware and isolated the equipment suspected of being hacked,” reads the security notice.

“As of now, there have been no confirmed cases of the leaked information being misused.”

The breach was reported to the Korea Internet & Security Agency (KISA) the following day, and the country’s Personal Information Protection Commission was notified earlier today.

Investigations are underway, and the compromise’s exact cause, scale, or scope has not yet been determined.

USIM data is information stored on a Universal Subscriber Identity Module (USIM), which typically includes International Mobile Subscriber Identity (IMSI), Mobile Station ISDN Number (MSISDN), authentication keys, network usage data, and SMS or contacts if stored on the SIM.

This data could be used for targeted surveillance, tracking, and SIM-swap attacks.

While SK Telecom says there is no evidence that the leaked data has been abused, the company has strengthened blocks of USIM swaps and abnormal authentication attempts and will immediately suspend service for accounts linked to suspicious activity.

Subscribers are recommended to sign up for USIM protection service through this portal, which blocks mobile numbers from being ported to another SIM card when enabled.

At the time of writing, no threat actors have taken responsibility for the attack at SK Telecom.