my timesThe Korea Times

The SKT hack: the real threat behind stolen data

Listen
gettyimagesbank

gettyimagesbank

The SK Telecom hack, revealed in April, marked a watershed moment for South Korea’s cybersecurity. In its wake, a flurry of proposals has been put forward to prevent similar large-scale data breaches.

Yet the discourse, focused narrowly on cybersecurity measures, risks missing the bigger picture. The consequences of stolen personal data — and its potential abuse — are far more dangerous than many can imagine. In today’s digital age, experts warn that cyberattacks of this scale can even pose a direct threat to national sovereignty.

Peter G. Kirchschlaeger, a professor of ethics at the University of Lucerne in Switzerland, emphasized the profound potential for misuse of stolen data, highlighting election interference as one of the most serious risks. With illegally harvested data, he explained, hackers can analyze users’ characteristics, interests and preferences to predict their thinking patterns and decisions.

“The hackers, or those who possess the stolen data, can manipulate people into buying certain products they’re promoting,” Kirchschlaeger said. He warned that the impact becomes even more devastating when the manipulation targets political outcomes.

Drawing on past examples such as the Brexit referendum and the 2016 U.S. presidential election, Kirchschlaeger argued that stolen personal data can be weaponized to influence voters. “One can manipulate voters by feeding them carefully selected content on social media or other platforms to steer them toward a preferred candidate,” he said.

The threat multiplies when artificial intelligence (AI) is involved. “AI knows exactly which buttons to press — how to tap into our desires or influence us to vote a certain way,” Kirchschlaeger added.

He observed that stolen data in the hands of state-sponsored actors has dangerous implications. It can be used to interfere in the domestic politics of foreign nations, undermining their democratic processes and sovereignty.

South Korea is still reeling from the fallout of the data breach that shocked the nation this spring. On April 22, SK Telecom made a bombshell announcement: Its universal subscriber identity module (USIM) system had been compromised by cyberattacks, putting the personal information of some 25 million subscribers at risk.

It was later revealed that state-sponsored Chinese hackers had infiltrated SK Telecom’s home subscriber server as early as June 2022. The company only disclosed the breach in April 2025, three days after detecting it.

In response, SK Telecom offered free USIM replacements to affected customers. SK Group Chairman Chey Tae-won issued a public apology two weeks after the disclosure, acknowledging the company’s delayed response and pledging full cooperation with the government-led investigation. He noted that the cyberattack had serious implications for national defense and security.

The incident has triggered a belated but urgent national conversation on cybersecurity. At the National Assembly, lawmakers criticized both SK Telecom and government officials for their slow and ineffective responses. One lawmaker compared the breach to a burglar obtaining a home’s door-lock code — making unauthorized entry all too easy.

People line up in Seoul on April 28 as SK Telecom offers free USIM replacements to affected customers. Yonhap

People line up in Seoul on April 28 as SK Telecom offers free USIM replacements to affected customers. Yonhap

Election interference

On Tuesday, Rep. Ku Ja-keun of the People Power Party submitted a revision bill proposing new requirements for investors to allocate a portion of their funds specifically for cybersecurity measures. “Cyberattacks on telecommunications infrastructure continue to occur, threatening not only customers’ personal data but also national security,” Ku said, emphasizing the urgency of passing his bill.

If enacted, the proposed measure may help mitigate data breaches — at least in part. However, strengthening cybersecurity alone does not guarantee protection against large-scale hacks.

There’s another crucial point South Korean policymakers must recognize: Not all cyberattacks are financially motivated.

Some hackers — especially those backed by state actors — target critical infrastructure not for profit, but for political or strategic reasons. These attacks are sometimes designed to interfere with domestic politics or disrupt electoral processes.

Park Bum-jin, an adjunct professor at Kyung Hee University, warned that South Korea must prepare for the possibility of political misuse of stolen personal data.

“I wouldn’t rule out the possibility that the hackers collected SKT customers’ personal information with the intent to create chaos before or after elections,” he said. “Countries like North Korea and China have a history of conducting cognitive warfare during peacetime to sway South Korean politics. With access to this data, they could attempt to influence election outcomes in favor of candidates perceived as sympathetic to their interests.”

Park added that the implications of such data theft extend beyond political manipulation.

“Our lives are deeply embedded in digital networks. Devices like smartphones are indispensable, and stolen data could be weaponized by adversary states — not only to wage psychological warfare but also to disrupt essential services like online banking or national infrastructure,” he said.

The true motives of the Chinese hackers behind the SKT breach remain unclear, as investigations are still ongoing. However, cybersecurity experts have noted that this was not a typical ransomware attack. There was no evidence of encrypted data or ransom demands.

Lim Jong-in, a cybersecurity professor at Korea University, stated in a May 21 media interview that the cyberattack on SKT did not resemble a conventional hack. He suggested that the attackers specifically targeted South Korea’s telecommunications infrastructure.

His observation reinforces the growing concern that this was not a financially motivated operation — but one aimed at undermining national stability.

From left, Japanese Prime Minister Shigeru Ishiba, Italian Prime Minister Giorgia Meloni, French President Emmanuel Macron, Canadian Prime Minister Mark Carney, U.S. President Donald Trump, British Prime Minister Keir Starmer, and German Chancellor Friedrich Merz, participate in a group photo in front of the Canadian Rockies at the Kananaskis Country Golf Course during the G7 Leaders' Summit on June 16. AFP-Yonhap

From left, Japanese Prime Minister Shigeru Ishiba, Italian Prime Minister Giorgia Meloni, French President Emmanuel Macron, Canadian Prime Minister Mark Carney, U.S. President Donald Trump, British Prime Minister Keir Starmer, and German Chancellor Friedrich Merz, participate in a group photo in front of the Canadian Rockies at the Kananaskis Country Golf Course during the G7 Leaders' Summit on June 16. AFP-Yonhap

Global response

The most well-known non-financial motivations behind cyberattacks include, among others, foreign interference and the disruption of critical infrastructure such as transportation systems, ports and telecommunications networks.

Foreign interference has become a central concern driving state-sponsored hackers to target other countries. China, Russia and Iran are among the most active nations when it comes to meddling in foreign elections.

Such interference often begins with cyberattacks. To manipulate public opinion, hackers first need access to the personal data of citizens in their target countries. Using this information — and increasingly with the help of AI — they generate content tailored to resonate with specific audiences and disseminate it across social media platforms. Misinformation and fake news are commonly deployed to sway public sentiment and influence decision-making.

Several Western democracies, including the United States and Canada, have already experienced foreign interference in their electoral processes. Recognizing the gravity of this threat, the leaders of the Group of Seven, or G7, discussed strategies to counter foreign meddling during their recent summit held in Kananaskis, Alberta, from June 16-17 (local time).

“The G7 leaders underscored their resolve to ensure the safety and security of their communities. They condemned foreign interference, underlining the unacceptable threat of transnational repression to rights and freedoms, national security and state sovereignty,” the Chair’s Summary of the event stated.

According to news outlet Nikkei Asia, U.S. President Donald Trump had planned to hold a meeting with the leaders of four Indo-Pacific countries — South Korea, Australia, Japan and New Zealand — on the sidelines of the NATO summit in the Netherlands this week. The proposed meeting aimed to address mounting threats posed by Russia and China across various domains, including cyberspace and space. While it is unclear whether foreign interference was on the proposed agenda, the meeting was significantly scaled down after the leaders of South Korea, Japan and Australia opted not to attend the NATO summit.

South Korea was instead represented by National Security Advisor Wi Sung-lac, who traveled to the Netherlands for the discussions.

Cyberattacks are a critical national security issue. When stolen personal data is weaponized by foreign states to influence political outcomes, it poses a direct threat to a nation’s sovereignty. South Korea is not immune to the malicious use of illegally obtained personal data. In light of growing global concern, South Korean policymakers should consider closer cooperation with countries that have had similar experiences. Creating an international platform to share insights, exchange best practices and develop joint responses would be a meaningful step toward combating digital-age security threats.

A passerby walks past an SK Telecom store in Seoul on June 23, where a sign reads, 'USIM replacements available.' Yonhap

A passerby walks past an SK Telecom store in Seoul on June 23, where a sign reads, "USIM replacements available." Yonhap