Nearly 27 million mobile fingerprints leaked in South Korean telecom data breach: ministry

According to the investigators, the first malware was found to have been installed on June 15, 2022.

Kan Hyeong-woo

The Korea Herald

A woman walks past the logo of SK Telecom in front of its branch in Seoul on April 28, 2025. South Korea's largest carrier, SK Telecom, began replacing USIM chips for its 23 million users on April 28 following a data breach, prompting alarmed customers to form long queues for the replacements. PHOTO: AFP

May 20, 2025

SEOUL – A joint team of public and private investigators found that nearly 27 million international mobile subscriber identity, or IMSI, records were leaked in SK Telecom’s data breach, the Ministry of Science and ICT said Monday.

“The investigators confirmed that the amount of leaked (universal subscriber identity module, or USIM) information was 9.82 (gigabytes), which equals to about 26.69 million units of the IMSI,” said Choi Woo-hyuk, director general of the Cyber Security & Network Policy Bureau at the Science Ministry, in a press briefing to announce the interim findings of the probe at the Government Complex Seoul.

IMSI, which can be regarded as a mobile fingerprint, is a 15-digit or shorter number used to identify and authenticate each mobile subscriber on a cellular network.

As for why the number of leaked IMSIs is larger than SK Telecom’s 25 million subscribers, the officials explained that the IMSI count covers all universal subscriber identity modules, or USIMs, loaded onto not only smartphones but also smartwatches and other internet-connected devices.

The authorities announced that they have found 25 types of malware and 23 hacked servers so far, up by 21 and 18, respectively, from the figures released by the joint investigation on April 29. Having completed the investigation of 15 servers through detailed assessments, such as forensic and log analysis, the authorities plan to finish investigating the remaining eight servers by the end of May.

According to the investigators, the first malware was found to have been installed on June 15, 2022. They added that no data was leaked between Dec. 2, 2024, and April 24, 2025. However, they could not confirm whether any data was leaked between June 15, 2022, and Dec. 2, 2024, a period without firewall log history.

Amid concerns over possible damage from copy phones, the question of whether international mobile equipment identity, or IMEI, numbers (the 15-digit serial numbers assigned to every mobile phone) had been leaked drew serious worry among the public. In contrast to the government’s previous announcement in April, the authorities confirmed during Monday’s briefing that they had found a hacked server containing 291,831 IMEIs.

According to investigators, no damage from the data breach at the country’s biggest telecom carrier has been reported so far. They added that phone makers say making copy phones using only IMEI information is technically impossible.

“Given the types of malware and the methods used in this attack, it is clear that a far more sophisticated level of analysis and efforts are needed compared to what we’ve seen before,” said Ryu Je-myung, deputy minister of the Office of Network Policy. “That is why we are conducting this investigation with the utmost intensity, based on the judgment that unless we uncover every potential risk thoroughly, there could be even greater threats in the future.”

hwkan@heraldcorp.com