Malware being put directly onto SIM cards reminds me of when Lenovo (I think) computers had malware pre-installed on them specifically to hack into WoW accounts to steal people's Gold to re-sell it.
Approximately 27 million user information records were confirmed to have been leaked in last month’s major universal subscriber identity module (USIM) data breach at SK Telecom, the government-private investigation team announced Monday.
The figure surpasses SK Telecom’s total customer base of 25 million, likely making the incident one of the worst telecom security breaches in the country’s history.
According to the investigation team, a forensic analysis of around 30,000 SK Telecom servers revealed that 23 had been infected. Investigators identified 25 different types of malware during the probe. The leaked data amounts to 9.82 gigabytes and includes 26.95 million records, primarily containing International Mobile Subscriber Identity (IMSI) data — a critical identifier used to authenticate users on mobile networks.
The team also reported finding approximately 290,000 International Mobile Equipment Identity (IMEI) records on the compromised servers, raising concerns about the potential for USIM cloning or other cybercrimes using the leaked data.
In an initial investigation last month, the team stated that no IMEI data had been compromised. However, the latest findings confirmed that two of the infected servers contained sensitive personal information, including IMEI numbers, names, dates of birth, phone numbers and email addresses.
The team noted that firewall log records from Dec. 3, 2024, to April 24, 2025, did not confirm any data breaches. However, they added that the malware was first installed on June 15, 2022, and it remains unclear whether any data was leaked between that date and Dec. 2, 2024.
The team and SK Telecom initially said that the possibility of cybercrimes such as USIM cloning or swapping is extremely low because IMEI data, a 15-digit number assigned to all cellular-enabled devices to verify whether a device matches its USIM, was not leaked. However, the fresh findings showed that the possibility of an IMEI data breach cannot be ruled out.
After confirming that the servers containing personal information were infected, the team requested that the telecom conduct its own assessment of the data breach and devise measures to prevent further damage.
SK Telecom, whose customers account for nearly half of Korea’s population of 52 million, detected the cyberattack on April 18 and confirmed signs of a large-scale leak of USIM data. The company publicly disclosed the breach on April 22.
SK Group Chairman Chey Tae-won issued an apology for the incident.