South Korea’s government has fined SK Telecom and ordered major improvements to its cybersecurity following a data breach that exposed 26.96 million pieces of user data.
Authorities found the telecom giant negligent in protecting USIM card information and mandated quarterly security checks, direct CEO oversight of data governance, and increased investment in cybersecurity.
In response, SK Telecom announced a five-year, 700 billion won ($513 million) plan to enhance data security and will offer a 50 percent subscription discount in August to all 24 million customers. The company also lowered its 2025 revenue forecast by 800 billion won due to breach-related costs of 500 billion won.
CEO Ryu Young-sang issued a formal apology, emphasizing the company’s commitment to customer trust and digital safety.
- KRW 700 Billion Investment in Cybersecurity
SK Telecom is investing KRW 700 billion over five years to build a world-class cybersecurity system based on the U.S. NIST Cybersecurity Framework. This includes system upgrades, expert hiring, and talent development.
- Creation of a Red Team and Governance Reform
To strengthen internal defenses, SK Telecom is forming a Red Team to proactively test and identify security vulnerabilities. It is also restructuring governance by elevating the Chief Information Security Officer (CISO) to report directly to the CEO and appointing a cybersecurity expert to its board.
- Zero Trust Architecture Implementation
SK Telecom is adopting a Zero Trust-based security framework across its operations. This includes strict authentication, network segmentation, AI-based monitoring, and encryption to ensure constant verification and minimal access privileges.
- ISMS-P Certification Expansion and Third-Party Validation
The company is expanding its ISMS-P certification to include all systems and infrastructures, not just key business platforms. It will also engage white-hat hackers and the Special Committee for Information Protection Innovation to conduct penetration testing and simulated cyberattacks.
- SIM Protection Services and FDS 2.0 Rollout
Post-incident, SK Telecom deployed SIM Protection Services and an upgraded Fraud Detection System (FDS 2.0) to detect and block unauthorized device/SIM activity using cross-verification of SIM and device attributes.
- Free SIM Replacement and SIM Reset Solution
To mitigate risks from SIM cloning, SK Telecom offered free SIM replacements (physical or eSIM) to all customers and introduced a SIM Reset option for software-based authentication updates without replacing physical cards.
- Zimperium Mobile Security for All Customers
Starting in the second half of 2025, SK Telecom will provide all customers with one year of free access to Zimperium, a military-grade mobile security solution to combat advanced threats.
- Cybersecurity Compensation Guarantee and Insurance Expansion
The company is introducing a new compensation guarantee system, with third-party oversight, for damage caused by SIM cloning. It is also increasing its cybersecurity insurance coverage from KRW 1 billion to KRW 100 billion.
- Customer Appreciation and Retention Programs
SK Telecom is offering a KRW 500 billion Customer Appreciation Package, including a 50 percent discount on August bills, 50 GB bonus data monthly, enhanced membership discounts, and benefit restoration for returning users.
- Waiver of Subscription Cancellation Fees
To rebuild trust, SK Telecom is waiving contract cancellation fees for affected customers who canceled or plan to cancel their subscriptions due to the incident, with conditions outlined on its T World website.
TelecomLead.com News Desk
