SK Telecom has confirmed a breach of its internal systems, revealing that customer data was compromised after attackers deployed malware and exfiltrated information. As South Korea’s largest wireless carrier—serving tens of millions of users and commanding roughly half the local market—the impact is likely to be significant.

The intrusion was detected on April 19, and the company issued a public statement this week acknowledging the breach. An internal investigation confirmed that personal data had been stolen, though details on what kind of information was leaked have not yet been released.

What’s clear is that SK Telecom is now offering a free SIM protection service to its customers. That’s a big hint that the attackers may be planning—or already attempting—SIM swapping attacks, where stolen personal details are used to port phone numbers and take over user accounts.

In response, the company says it has isolated compromised systems, removed the malware, and notified the Korea Internet Security Agency (KISA). The investigation is still ongoing, and there’s no confirmation yet on who’s behind the breach.

At this point, no ransomware group has claimed responsibility, and there’s no public evidence this was a financially motivated extortion attempt. That leaves open the possibility of state-sponsored cyberespionage, especially considering that telecom providers are frequent targets of intelligence-focused threat actors. Chinese APTs have been linked to similar attacks on telcos in the past.

Whether this breach was about money or surveillance, the incident is a stark reminder of just how attractive telecom data continues to be—especially when the victim holds the keys to millions of users’ digital lives.