South Korean telecom giant SK Telecom has confirmed a suspected leak of user USIM (universal subscriber identity module) information following a hacking incident and has reported the incident to relevant authorities.
The USIM chip is a subscriber identification tool used to assign phone numbers to mobile users. The mobile carrier emphasized that the leaked data does not include sensitive personal information such as resident registration numbers or payment details. While there are no confirmed cases of the stolen data being misused, concerns remain that the fallout could escalate depending on the findings of the ongoing government investigation.
According to SK Telecom, the breach was detected around 11 p.m. on April 19, when signs of malicious code targeting USIM-related systems were identified. The company said it immediately removed the malware and isolated affected devices.
The incident was reported to the Korea Internet & Security Agency (KISA) the following day, and to the Personal Information Protection Commission (PIPC) on April 22. SK Telecom said it is actively cooperating with authorities. Telecommunications regulators, including the Ministry of Science and ICT, are expected to conduct an on-site inspection of the company’s headquarters in central Seoul.
SK Telecom has yet to disclose the scale of the breach. “A forensic investigation is underway, but due to the nature of cyberattacks, it’s difficult to determine the full extent of the leak in a short time,” the company said. “We will provide further details as the joint investigation progresses.”
