Blogs Dark Web Monitoring SK Telecom SIM Data ...

SK Telecom SIM Data Breach: First Major SIM Info Leak

  • By Farrukh Mushtaq

    Farrukh Mushtaq

    Author Image

    Farrukh Mushtaq, a digital marketer at PureSquare, possesses a keen interest in cybersecurity and enjoys writing about it. With several years of experience in the digital marketing industry, he brings expertise and passion to his work.

    See author profile

  • 24 April 2025
  • 12 mins read

Table of Content

Table of Contents
BFCM Sidebar

Telecom networks are emerging as high-value targets for threat actors. South Korea, SK Telecom (SKT), the country’s leading mobile operator, has confirmed a breach involving the leakage of SIM (USIM) subscriber information.

This is the first time such data has been compromised at scale in South Korea, raising urgent questions about SIM card security and the risk of identity theft and SIM swapping fraud.

Let’s discuss what happened, what was exposed, and what SKT and its subscribers can do to respond.

Discover if Your Most Critical Identifiers Have Been Exposed on the Dark Web

Receive timely alerts and actionable insights with PurePrivacy's Dark Web Monitoring.

Check if your email is on the dark web.

Please enter a valid email.

What Happened in the SK Telecom Data Breach?

On April 19th, 2025, at around 11 PM KST, SK Telecom’s internal systems were infiltrated via a malicious code injection attack. The breach resulted in unauthorized access to sensitive SIM-related information, specifically the:

  • International Mobile Subscriber Identity (IMSI) and
  • International Mobile Equipment Identity (IMEI) numbers of some users.

Although SKT confirmed that no personally identifiable information (PII), such as names, national IDs, or addresses, was leaked, the exposure of IMSI and IMEI numbers is serious.

These identifiers are used to authenticate users on mobile networks, and in the wrong hands, can be exploited to gain unauthorized control over phone lines.

What Happened in the SK Telecom Data Breach

What are the Risks of the SKT SIM Leak?

The breach introduces several risks that customers and industry players must take seriously:

1. SIM Swapping Fraud

With access to IMSI and IMEI data, attackers may attempt to convince telecom operators to issue duplicate SIMs, gaining control over calls, SMS, and two-factor authentication codes.

2. Account Takeover

If attackers manage to intercept two-factor authentication messages, they could gain access to banking, email, or social media accounts.

3. Mobile Network Spoofing

Leaked device identifiers could be used to impersonate legitimate users on the network, increasing the likelihood of targeted surveillance or data interception.

How Has SK Telecom Responded?

SK Telecom has taken the following measures:

  1. Incident reporting to the Korea Internet & Security Agency (KISA)
  2. System isolation to contain the breach
  3. Free subscription to SIM Protection Service, which blocks SIM changes and restricts roaming
  4. Customer advisories to activate SIM PIN codes on their devices
  5. Offer of SIM card replacement, though currently deemed precautionary rather than mandatory
How Has SK Telecom Responded

What Should You Do If You Are a Part of the SKT Breach?

If you are an SKT customer, take the following actions immediately:

  1. Activate SIM Card Lock

Set a SIM PIN via your device settings:

  • Android: Settings > Biometrics & Security > SIM Card Lock
  • iOS: Settings > Cellular > SIM PIN
  1. Enable 2FA Everywhere

Use two-factor authentication apps (like Google Authenticator or Authy) instead of SMS when possible.

  1. Monitor for Connectivity Issues

A sudden loss of mobile service could indicate unauthorized SIM duplication.

  1. Consider Replacing Your SIM

If you are particularly concerned, replacing your SIM card can nullify the compromised IMSI/IMEI data.

  1. Enable Dark Web Monitoring to Track PII Exposure

Consider PurePrivacy Dark Web Monitoring to check whether your PII is being traded online after the breach.

Here's how you can use Dark Web Monitoring:

  1. Sign up for PureMax.
  2. Download and install the PurePrivacy app.
  3. Log in to your account and click Dark Web Monitoring.
Enable Dark Web Monitoring to Track PII Exposure
  1. Select Add Assets to Monitor and enter your email address, SSN/NIN, credit card number, passport number, and phone number in the respective fields.
  2. Enter the code sent to your registered number to verify your identity, and you’re done.
  3. Follow the recommended measures if your personal data is part of a breach to protect yourself from further harm.
Enter the code sent to your registered number

Frequently Asked Questions (FAQs)

  • Was personal data, like names or ID numbers, leaked in the SK breach?

    Plus

    No. SKT confirmed that no PII was compromised; only SIM-related identifiers were a part of the breach.

  • Can IMSI/IMEI alone enable SIM cloning?

    Plus

    IMSI and IMEI are not likely to enable SIM cloning on their own. Hackers usually require additional personal data for successful fraud attempts.

  • Is SKT offering any compensation after a breach?

    Plus

    As of now, no financial compensation is being offered, but SIM protection services are free to subscribers.

  • Is a SIM swapping attack common?

    Plus

    Globally, SIM swapping incidents are increasing. In the U.S. alone, such attacks have risen by 400% between 2018 and 2021.

Wrap Up

Telecom security infrastructure must be proactive when it comes to handling user data. While no personal data was leaked, the exposed IMSI and IMEI numbers can be used for larger fraud schemes. Stay vigilant, secure your SIM with a PIN, and monitor your mobile account for suspicious behavior.

Related Blogs

Comments