SK Telecom, South Korea’s largest mobile carrier with approximately 23 million subscribers, has announced a free replacement of SIM cards for all customers following a significant cyberattack that compromised sensitive user data. ​SK Telecom SIM card hack

On April 19, 2025, SK Telecom’s internal systems were infiltrated by malware, leading to unauthorized access to critical information stored on users’ SIM cards. This included data such as the International Mobile Subscriber Identity (IMSI), International Mobile Equipment Identity (IMEI), and USIM authentication keys. Although the company reported that no personal details like resident registration numbers or bank account information were compromised, the breach raised concerns about potential SIM-swapping attacks.

“We sincerely apologize for the great inconvenience and concern caused to our customers and society,” said CEO Yoo Young-sang at a briefing held at the company’s headquarters in Jung District, central Seoul. “We will implement an additional measure allowing all SK Telecom users to replace their SIM cards free of charge, should they wish to do so.”

Company’s Response

The replacement service will begin at 10 a.m. on April 28 and will include eSIMs, an embedded form of the SIM. Any customer who was subscribed to SK Telecom as of midnight on April 18, when the company first became aware of the breach, can visit any T World store or airport roaming center nationwide to receive a new SIM card.

Customers who replaced their SIMs at their own expense between last Saturday and this Sunday will also be reimbursed for the full cost retroactively.

Additionally, SK Telecom has introduced a USIM protection service that blocks abnormal authentication attempts, preventing unauthorized use of a customer’s SIM card. This service is available for free via the company’s website or mobile application. Within three days of its launch, approximately 2.6 million users had subscribed to this service.

Broader Implications

The breach has heightened concerns about SIM-swapping attacks, where attackers exploit leaked SIM information to intercept calls and messages, potentially gaining access to sensitive accounts such as mobile banking and social media. In 2022, South Korea reported over 40 SIM-swapping cases, resulting in significant financial losses for victims. ​

In light of the incident, other organizations, including the cryptocurrency exchange Bithumb, have enhanced their security measures, implementing real-time monitoring for SIM forgery and advising users to replace their SIM cards if they are identified as part of the data leak.

SK Telecom has reported the breach to the Korea Internet & Security Agency and the Personal Information Protection Committee. A joint investigation with the Ministry of Science and ICT is underway to determine the full extent of the breach and to implement measures to prevent future incidents.

Final thoughts about SK Telecom SIM card hack

This incident highlights a critical vulnerability at the intersection of telecom infrastructure and personal cybersecurity. It shows that even well-established carriers like SK Telecom are not immune to sophisticated threats targeting SIM data—long treated as secure by design. Moving forward, mobile operators must treat SIM-level security as a frontline priority, not an afterthought, especially as SIM credentials increasingly serve as digital identity keys across banking, crypto, and cloud ecosystems.