How SK Telecom’s USIM Hacking Incident Unfolded
In late April 2025, SK Telecom faced a significant security breach as USIM (Universal Subscriber Identity Module) information was hacked, affecting millions of customers. On May 5, the company halted all new subscriptions to mitigate further damage. During a press briefing, SK Telecom disclosed that approximately 1 million USIM cards had been replaced, with a waiting list of 7.7 million customers. However, given that the daily capacity of USIM replacements at nationwide stores is capped at 200,000, the supply could not meet the overwhelming demand.
Efforts to Address USIM Supply and Demand
SK Telecom unveiled plans to improve USIM supply, promising to provide additional USIMs to local dealers after public holidays and to secure 5 million more USIMs by the end of the month. Despite these announcements, many customers report that such measures have not yet been effectively realized in practice. The disconnect between corporate announcements and customer experiences has intensified frustration among users.
Customer Dissatisfaction with Replacement Delays
As demand surged, SK Telecom implemented a reservation system for orderly USIM replacements. However, numerous customers have complained about receiving no follow-up communication for days after booking their replacements. One customer lamented, “I applied immediately after the reservation system opened, but I still haven’t heard when I can replace my USIM.”
Additionally, customers express dismay over the first-come, first-served process at stores, which leads to disappointment for those unable to secure service during limited availability times. For instance, a working professional recounted visiting a dealer during lunch only to find all tickets had been distributed, leading to a futile attempt.
Comparison with Competitor Services
Some customers using budget phone services have criticized SK Telecom’s slower response in comparison, noting that they received replacement USIM cards via courier within a week. This has raised questions about SK Telecom’s capacity to handle large-scale customer service demands effectively.
Legal Perspectives on Contractual Penalties
This breach has prompted some customers to consider switching service providers, but contractual penalties are a deterrent. The National Assembly Legislative Research Service suggested that if the hacking was due to SK Telecom’s negligence, customers could be exempt from penalties if they choose to terminate their contracts. However, SK Telecom has yet to provide a definitive stance, stating only that the matter is under internal review, leaving customers in uncertainty.
Rising Consumer Action and Legal Proceedings
Consumer dissatisfaction has led to organized action, with an online group titled “SK Telecom Data Breach Class Action” gaining over 1,000 new members in a day, totaling over 70,000 members. Approximately 600 members have expressed interest in joining a lawsuit. Within the group, users criticize the lack of transparency in SK Telecom’s reservation system, describing it as uninformative and causing additional stress.
Government Intervention and Legislative Scrutiny
The National Assembly’s Science, Technology, Information and Broadcasting Committee has scheduled a hearing for May 8 to address the SK Telecom hacking incident. The session is poised to cover the hacking’s specifics, response strategies, data leak liabilities, penalty waivers, and compensation plans. SK Group Chairman Chey Tae-won has been summoned as a witness, underscoring the seriousness of the issue, which extends beyond technical challenges to corporate governance and accountability.
Lessons from Similar Incidents and Future Implications
Analogous to this incident is the 2023 KT data breach, where swift apologies and compensation, including service discounts and gifts, helped mitigate the crisis. KT also conducted comprehensive security audits through external consultants to prevent recurrence. For SK Telecom, restoring customer trust requires transparent communication about the breach, detailed preventive measures, and tangible compensation like penalty waivers.
As the situation develops, the outcome of the parliamentary hearing and public sentiment will likely shape the resolution. Should SK Telecom fail to demonstrate a commitment to customer satisfaction and effective crisis management, it risks class-action lawsuits and customer loss. Conversely, proactive measures could enhance its crisis management reputation.
Conclusion and Expectations
This incident underscores the critical need for robust consumer protection mechanisms and industry standards to prevent future breaches. Observers await the outcome of the parliamentary hearing with expectations for comprehensive policy discussions aimed at enhancing consumer rights and corporate accountability in the telecommunications sector.