On April 22, 2025, SK Telecom (one of the largest telecommunication companies in South Korea) officially reported to the Korea Internet & Security Agency that the USIM information of 25 million customers had been compromised. The hack targeted SK Telecom's Home Subscriber Server (a central database server containing customer information), and the leaked data volume amounts to 9.7GB - making it an unprecedented security breach in the history of mobile network operators.
On April 25, 2025, the CEO of SK Telecom issued a formal apology and announced a plan for free USIM replacements.
On April 29, 2025, SK Telecom and a joint public-private investigation team released an initial investigation report. According to the report, the leaked data includes the IMSI and KI identities, but no IMEI information was confirmed to have been exposed.
In principle, a USIM can be cloned with the IMSI (a unique identifier assigned to each mobile subscriber) and the KI (a secret key).
SK Telecom recommended that customers subscribe to its USIM protection service. This service uses the device's unique identifier (IMEI) to detect and block the use of a USIM card on any device other than the one currently registered.
However, this is merely a secondary safeguard - similar to two-factor authentication - and not a fundamental solution. Given that the IMSI and KI have already been leaked, replacing the USIM card will be the most effective and secure course of action.
For example, the USIM protection service will be ineffective if a hacker can modify the IMEI value of the device. (While device manufacturers like Samsung and Apple implement strong protections against IMEI tampering, who knows whether they are really unbreakable?)
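The reasoning above can be traced in a small model. This is an added example, not code from SK Telecom or the investigation report: the `Network` class, the `sim_response` helper and all sample values are hypothetical, HMAC-SHA256 stands in for the real USIM authentication algorithm, and USIM replacement is modelled simply as provisioning a new KI.

```python
import hashlib
import hmac
import os

def sim_response(ki, rand):
    # Stand-in for the USIM's authentication function. Real networks use
    # MILENAGE or TUAK; HMAC-SHA256 is an assumption made to keep this short.
    return hmac.new(ki, rand, hashlib.sha256).digest()[:8]

class Network:
    """Toy operator model (hypothetical names): subscriber keys plus IMEI binding."""
    def __init__(self):
        self.ki_by_imsi = {}   # IMSI -> KI, the kind of record the report says leaked
        self.bound_imei = {}   # IMSI -> IMEI registered with the protection service

    def provision(self, imsi, ki, imei=None):
        self.ki_by_imsi[imsi] = ki
        if imei is not None:
            self.bound_imei[imsi] = imei

    def attach(self, imsi, reported_imei, respond):
        rand = os.urandom(16)  # fresh challenge for every attach attempt
        expected = sim_response(self.ki_by_imsi[imsi], rand)
        if not hmac.compare_digest(expected, respond(rand)):
            return "rejected: authentication failed"
        bound = self.bound_imei.get(imsi)
        if bound is not None and bound != reported_imei:
            return "blocked: IMEI mismatch"
        return "attached"

def demo():
    imsi = "001010000000001"              # constructed sample IMSI (test network code)
    leaked_ki = bytes.fromhex("00" * 16)  # constructed sample KI
    owner_imei, other_imei = "350000000000001", "350000000000002"  # constructed
    clone = lambda rand: sim_response(leaked_ki, rand)  # a card holding the leaked KI
    out, net = {}, Network()
    net.provision(imsi, leaked_ki)                      # protection service off
    out["clone, no binding"] = net.attach(imsi, other_imei, clone)
    net.provision(imsi, leaked_ki, imei=owner_imei)     # protection service on
    out["clone, binding on"] = net.attach(imsi, other_imei, clone)
    out["clone reporting owner IMEI"] = net.attach(imsi, owner_imei, clone)
    new_ki = os.urandom(16)                             # USIM replaced: new secret
    net.provision(imsi, new_ki, imei=owner_imei)
    out["clone after replacement"] = net.attach(imsi, owner_imei, clone)
    out["owner after replacement"] = net.attach(
        imsi, owner_imei, lambda rand: sim_response(new_ki, rand))
    return out

if __name__ == "__main__":
    print("\n".join(f"{k}: {v}" for k, v in demo().items()))
```

Only the last two cases stop depending on the IMEI check: once the KI changes, the leaked key no longer produces a valid response, which is why replacement is the fundamental fix.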
On April 30, 2025, the National Assembly's Science, ICT, Broadcasting and Communications Committee held a hearing. According to the hearing, it was confirmed that SK Telecom detected signs of the data breach as early as the night of April 19. However, there are suspicions that SK Telecom attempted to downplay or conceal the scale of the incident - delaying a full and proper response process.
Once a hacker successfully clones a SIM card, he can bypass any mobile-dependent authentication, leading to attacks such as changing account passwords, transacting cryptocurrency, and gaining access to sensitive services (e.g. banking, messengers).