South Korean mobile operator SK Telecom has announced free SIM card replacements for 25 million of its mobile customers following a recent massive data leak. The company provides mobile communications to nearly half of South Korea’s population. An SK Telecom spokesman assured that no customer names, identification data or financial information was exposed. Due to the shortage, the operator will be able to replace no more than 6 million SIM cards in May.
Image source: unsplash.com
On April 19, the company discovered malware on its network that allowed attackers to steal Universal Subscriber Identity Module (USIM) data, which typically includes the International Mobile Subscriber Identity (IMSI), Mobile Station ISDN (MSISDN) number, authentication keys, network usage data, and SMS or contacts if stored on a SIM card.
The main risk from this leak is the ability to perform unauthorized number transfers to cloned SIM cards. SK Telecom assured customers that such requests would be automatically detected and blocked by its fraud detection system (FDS) and SIM protection service, which have been upgraded to counter the new threats.
SK Telecom currently offers free SIM card replacement to 25 million subscribers, but warns that due to a shortage of stock, no more than 6 million SIM cards will be replaced in May: “SK Telecom currently has 1 million SIM cards and plans to receive another 5 million by the end of May 2025.” The company recommends using the online booking system for scheduled replacements.
SK Telecom has published an FAQ about the incident, stating that the investigation into the exact cause and extent is still ongoing, but that “secondary damage or leaks on the darknet” have not yet been identified. The operator has warned that roaming services will be disabled for subscribers who have activated SIM card protection, but this feature will be improved in the near future and roaming will be available again. All customers will receive a personalized message with security instructions.