Executives bowed their heads and apologized (pictured) at a press briefing held on Friday by SK Telecom, one of the leading operators in South Korea, after the discovery that their Home Subscriber Server (HSS) had been infected with malware seven days earlier. The HSS is a highly sensitive database containing information about user identity and security. At the briefing, CEO Yoo Young-sang expressed deep regret and promised a free replacement SIM for any of the telco’s 23 million customers that want one. This was the latest in a string of announcements designed to restore public confidence, which seems to have been badly shaken by the news.
News of the hack was first announced on April 22. That announcement stated that some SIM-related information had leaked on April 19 but that the malware was deleted immediately afterward, and that the suspected hacking device had been isolated. No examples of misuse were said to have been detected, and monitoring activities had been heightened in order to block unauthorized SIM changes and abnormal authentication attempts. Customers of SK Telecom were also offered a free subscription to the company’s SIM protection service, which is meant to block network access if a SIM card is inserted into a device that does not match the registered information for that user.
It since appears that SK Telecom underestimated the public’s willingness to accept these reassurances. Approximately 45% of South Korea’s population are customers of SK Telecom and a steady diet of news about scams has made them wary of the consequences of losing control of their phone service or other accounts. A story about a woman who tracked the leader of a voice phishing gang was one of the highest-grossing Korean films of 2024 and a more recent Korean film depicts a near future where scammers use AI to recreate the voice and appearance of a dead person.
Koreans are right to be wary of the consequences of a compromised HSS. Security expert Silke Holtmanns explained on LinkedIn:
The HSS is THE subscriber database in a 4G network, it contains the cryptographic key that is the foundation for securing the communication and is the baseline for authentication. An HSS outage or problem can affect a large amount of subscribers and is a serious issue. The HSS knows if you are roaming, if you are member of a mission critical group, the SMSC you are using (SMS interception risk), the data server (SGSN) you are using (redirection attack risk), MSISDN, IMEISV (Phone id + software version) just to mention some…
On Thursday April 24 there was a follow-up announcement from SK Telecom that said over one million new users had signed up to use their SIM protection service during the previous day, but which also promised to make the service easier to obtain. Multiple media stories had already referred to dissatisfaction with the SIM protection service because of difficulties with registering for it and the service’s incompatibility with international roaming. New enhancements included longer evening hours for the protection service’s contact center and the promise that vulnerable customers had been contacted directly to provide them with advice about how to protect themselves. The free service was also extended to customers of budget MVNOs that use SK Telecom’s network. In addition, a new 24-hour cyber security hotline was launched.
But this evidently was not enough to appease the public. Friday’s announcement went further by committing the firm to:
- free SIM replacements for any customers who ask in person at a store or airport roaming center;
- automatic refunds for customers who paid for a replacement SIM following the breach, including customers of the budget MVNOs; and
- making the SIM protection service compatible with roaming by May.
The announcement also reported that another million people had subscribed to the SIM protection service, bringing the total number of subscribers to 2.4 million, approximately 10% of SK Telecom’s user base, including the 400,000 users who were already subscribed before the HSS breach occurred.
No disclosures have been made about the hackers or their methods. CEO Yoo Young-sang addressed this topic at the Friday press briefing by referring to the time needed to complete investigations.
존경하는 고객 여러분, 그리고 여기 계신 언론인 여러분
오늘 이 자리에서 고객분들과 기자님들이 가지고 계신 궁금증과 불안을 모두 해소해 드리고 싶지만, 사고의 원인과 규모 등에 대한 정부 조사가 이제 시작된 상황입니다.
추후 사고의 원인과 피해 규모를 비롯해 자세한 조사 결과가 나오는 대로 제가 직접 추가 조치 방안 등을 설명 드리는 자리를 다시 한번 갖도록 하겠습니다. 그 자리에서는 그동안 궁금하셨을 사안에 대해 충분한 시간을 가지고 자세히 설명 드리겠습니다.
Dear customers and members of the press here,
I would like to address all the questions and concerns that customers and reporters have here today, but the government investigation into the cause and scale of the accident has only just begun.
As soon as the detailed investigation results, including the cause of the accident and the extent of the damage, are released, I will hold another meeting to personally explain the additional measures, etc. At that meeting, I will take the time to explain in detail the issues you may have been curious about.
SK Telecom is already accused of taking too long to meet their obligations, having failed to satisfy the 24-hour deadline for reporting the breach to the Korea Internet & Security Agency (KISA). South Korea would not be the only country that struggles to impose data protection discipline upon telcos; the USA’s dysfunctional regulatory regime has been thrown into further chaos by the argument that American telcos have a constitutional right to a trial by jury before they can be punished for privacy breaches. In the absence of robust enforcement of rules, CEOs like Yoo Young-sang know that the objective is to ride out the storm of negative publicity and trust that customers will forget about their fears and resume their previous behaviors before long. That is why his speech on Friday ended with the same kinds of words that have too often been heard following other breaches made by telcos.
앞으로 SK텔레콤은 고객의 신뢰를 최우선으로 생각하며 이와 같은 일이 다시는 재발하지 않도록 보안 체계를 더욱 강화하고, 고객 정보 보호 강화 방안도 마련해 나가겠습니다. 이번 사태를 통해 다시 한 번 기본에 충실하고 책임 있는 기업으로 거듭나겠습니다.
다시 한 번 진심으로 사과드립니다.
Going forward, SK Telecom will place the highest priority on customer trust, and will further strengthen its security system and establish measures to protect customer information so that such incidents will not occur again. Through this incident, we will once again become a company that is faithful to the basics and responsible.
Once again, I sincerely apologize.
SK Telecom’s FAQ about the breach is here. The full text of Yoo Young-sang’s statement at the press briefing is here.



