Home > Business > Industry

SK Telecom hit with $643M loss in market cap, mass user exodus amid SIM breach

Published: 29 Apr. 2025, 17:25

LEE JAE-LIM
[email protected]

SK Telecom subscribers are lined up in front of the mobile carrier’s branch in Seoul during lunchtime on April 29 to replace their SIM cards. [YONHAP]

[NEWS ANALYSIS]

From an exodus of subscribers and market cap evaporation worth 923.6 billion won ($643.2 million), a security breach on SK Telecom's (SKT) SIM cards is dealing a heavy blow to the country's largest wireless carrier.

The breach, first detected by the carrier on April 18, has escalated into a nationwide scramble for SIM card replacements to guard against risks such as phone cloning and financial fraud stemming from leaked data.

Some 34,132 subscribers switched their mobile plans to rival carriers KT and LG U+ on Tuesday, according to JoongAng Ilbo, an affiliate of the Korea JoongAng Daily. The figure is expected to be higher if including exits of budget phone users which utilized the SKT network, which were not tallied in the data.

Shares of SKT are sliding this week amid a surge in customer complaints over SIM card shortages and growing concerns across both private and public sectors about potential data breaches. Shares sunk 6.75 percent on Monday, followed by a further drop of 0.93 percent to close at 53,400 won on Tuesday.

Meanwhile, rival carriers KT and LG U+ scored 52-week highs on the Kospi bourse to close at 51,600 won and 11,960 won respectively.

Nationwide fiasco

A class-action movement is gaining momentum among SKT subscribers, with users preparing to take legal action and boycott the service. In just three days since its launch on Sunday, more than 49,000 people have joined a Naver Cafe community supporting the effort.

A screen capture of a Naver Cafe community established on April 27 that gathers SK Telecom subscribers preparing to file legal suit against data breach and to boycott telecom services [SCREEN CAPTURE]

Government agencies and public institutions were the first to receive directives from the national intelligence agency to have SIM cards in business-use wireless devices, including mobile phones, tablets, and 4G and 5G mobile hotspots reissued, according to Yonhap News Agency.

The National Police Agency signed a strategic partnership with SKT on April 25 to expedite SIM card replacements for business-use smartphones once supply is secured. All corporate devices have been subscribed to protection services offered by the three major carriers to prevent further data leaks.

Conglomerates such as Hyundai Motor is working to secure SIM cards for high-level executives, even providing in-house replacement services to those needed from Monday. Samsung Electronics ordered executives to “instantly” exchange SKT SIM cards, while replacement directives were given to employees at major companies of national interest such as HD Hyundai, Hanwha, Naver and Kakao.

Impacts of SKT’s data breach are being felt nationwide-scale as the mobile carrier accounted for nearly 44 percent of the domestic mobile market share in February 2025, or 24.97 million subscribers.

Analysts predict that SKT’s share prices will recover if the crisis could be contained to the one-off cost burden of replacing the SIM cards.

“Investor sentiment is unlikely to recover until concerns over large-scale subscriber losses subside,” said Shinhan Securities analyst Kim Aram. “Telecom stock prices tend to move based on earnings, regulatory risks and shareholder returns. If the financial impact remains within 100 to 200 billion won, which is the presumed calculation for 25 million subscribers plus a potential fine in the hundreds of billions of won, SKT’s current shareholder return policy will likely stay intact.”

Lax security management?

One factor behind the hacking incident is SKT’s relatively low investment in data protection compared to its competitors — a disparity that has drawn sharp attention amid growing concerns over data security.

According to the Korea Internet & Security Agency (KISA), SKT invested 60 billion won in data protection in 2024, accounting for just 4.1 percent of its annual operating profit. In comparison, KT invested 121.75 billion won, while LG U+ committed 63.17 billion won to the same area.

Why did this happen?

A joint public-private investigation led by the Ministry of Science and ICT will reveal the causes, which is expected to take one or two months. The amount of information leaked through the hacking attack totaled 9.7 gigabytes, according to a report submitted by SKT to Rep. Choi Min-hee who chairs the National Assembly’s Science, Technology, Information, Broadcasting and Communications Committee on Tuesday.

Choi illustrated the scale by noting that this volume is equivalent to approximately 9,000 books, or about 2.7 million pages of documents. According to the report, SKT first detected abnormal traffic indicating data exfiltration at its security monitoring center at 11:20 p.m. on April 18.

By 1:40 a.m. on April 19, the company had isolated the compromised billing analysis equipment infected with malware and had begun analyzing the intrusion path and the extent of the data breach.

Later that same day, at 11:40 p.m., SKT identified signs of a potential data leak from its Home Subscriber Server (HSS), which manages authentication for 4G and 5G subscribers during voice calls.

BY LEE JAE-LIM [[email protected]]