On April 22, 2025, a massive data breach occurred when a hacker infiltrated SK Telecom’s home subscriber server system with malicious code. Sensitive subscriber information related to USIM cards was leaked, including four types of data that can be used to duplicate USIMs—such as IMIS, ICCID, and USIM authentication keys—as well as 21 types of internal SKT management data used in USIM processing.
With over 20 million out of 50 million citizens in South Korea using SKT, the scale of this incident is beyond imagination. One victim even reported financial damage of 50 million won, throwing the entire nation into confusion and fear.
How Did the Company Respond?
SKT issued an official apology three days after the incident, on April 25. Despite the severity of the breach, the company remained silent for days, eventually notifying customers only through a pop-up on the T World mobile app.
On April 27, SKT released a customer statement requesting users to subscribe to a “USIM Protection Service.” They claimed that if a customer subscribed to the service and still experienced damage, the company would take full responsibility. SKT also urged users to make online reservations before visiting stores to replace their USIMs.
This statement sparked greater outrage, as it seen as pushing responsibility onto customers. Citizens were particularly frustrated by the suggestion that unless they took the initiative to subscribe to the service themselves, they would not be eligible for full compensation. Long lines have now formed at SKT stores nationwide as people rush to replace their USIM cards.
Person interview
20s Female “I felt extremely anxious… Not just because of the money in my account, but also because I saw reports that loans could be issued in someone’s name using the leaked information. I wanted to replace my USIM immediately, but when I tried to apply for the protection service first, I was told it wasn’t available for my plan. When I went to the store, they said I had to make a reservation. The response has been totally inadequate and it’s worrying.”
20s Female “What bothered me the most was the company’s attitude. This incident was clearly the company’s fault—so why are we the ones standing in line to fix it? Our money and personal information are at stake, yet their compensation plan is weak. I’m seriously considering switching telecom providers.”
When an incident occurs, swift and responsible action is essential. What frustrated victims most wasn’t just the breach itself, but the delayed response, vagueapologies, and attempts to deflect responsibility. This is a clear case that illustrates the importance of crisis communication. As the Korean proverb goes, “The more the rice ripens, the lower it bows.” In other words, the higher the position, the more humility and accountability one should demonstrate. I hope this case leads to meaningful changes in policy and legal regulations surrounding personal data protection.
US ASIA JOURNAL K-UNIV REPORTER
LIYEON KIM
