SK Telecom plans to secure 5m more USIM cards by late May, but that would still fall far short of covering its 25m users

Customers wait outside SK Telecom’s branch in Yongsan-gu, Seoul, on Monday, as most seek to reserve appointments for new USIM cards following a major security breach. (Moon Joon-hyun/The Korea Herald)
Customers wait outside SK Telecom’s branch in Yongsan-gu, Seoul, on Monday, as most seek to reserve appointments for new USIM cards following a major security breach. (Moon Joon-hyun/The Korea Herald)

What was meant to reassure customers after a major security scare quickly turned into long lines, delays and frustration, as SK Telecom’s free USIM card replacement program struggled to meet overwhelming demand on its first day.

Earlier this month, South Korea’s largest mobile carrier disclosed that it had discovered malware inside a key internal system, the Home Subscriber Server — the database that manages mobile user identities and network authentication.

The discovery raised concerns that sensitive information stored on customers’ physical USIM cards — including identifiers needed to verify a user's phone on the network — may have been exposed.

To address security concerns, the company promised free physical USIM card replacements to all affected customers — over 25 million people.

It also urged customers to enroll in its "USIM Protection Service," a security feature that blocks network access if a cloned USIM card is inserted into an unauthorized device by verifying the phone’s IMEI number — a unique identifier assigned to each mobile device, like a digital fingerprint.

SK Telecom emphasized that enrolling in the service offers a level of safety comparable to replacing the card.

Long lines, empty hands

(Screenshot from Naver Map)
(Screenshot from Naver Map)

At SK Telecom’s store near Sookmyung Women's University station in Yongsan-gu, Seoul, customers lined up early Monday morning, only to find that the stock of USIM cards had already been depleted.

The store had posted an online notice days earlier on Naver Map, warning that over 500 reservations had already been made.

Inside, two overwhelmed employees explained that early reservation holders could swap their USIM cards immediately, while walk-ins have to book new appointments — later this week if done in person, or next week if scheduled online through SK Telecom’s website (care.tworld.co.kr).

"Even with endless stock, two of us can only replace about 100 cards a day," one staffer said.

Two SK Telecom employees assist customers with new USIM card reservations at SK Telecom's branch near Sookmyung Women’s University subway station in Seoul on Monday (Moon Joon-hyun/The Korea Herald).
Two SK Telecom employees assist customers with new USIM card reservations at SK Telecom's branch near Sookmyung Women’s University subway station in Seoul on Monday (Moon Joon-hyun/The Korea Herald).

For most waiting in line, security fears, not inconvenience, drove the urgency.

A woman in her 50s said she had booked her appointment "as soon as news of the breach broke."

Nearby, a man in his 60s, who had received SK Telecom’s security alert via text, called the breach "very serious" and said he felt far safer physically replacing his USIM card than relying solely on the network-based protection service.

Others shared similar views.

People gather at the doorway of SK Telecom’s Tworld Sookmyung Women’s University Entrance Branch in Seoul on Monday, seeking to book USIM card replacement appointments amid surging demand. (Moon Joon-hyun/The Korea Herald)
People gather at the doorway of SK Telecom’s Tworld Sookmyung Women’s University Entrance Branch in Seoul on Monday, seeking to book USIM card replacement appointments amid surging demand. (Moon Joon-hyun/The Korea Herald)

A university student in his 20s said he "did not expect immediate financial theft" but felt "uncomfortable leaving compromised data unaddressed." A man in his 30s, who had learned about the breach only through news reports, said he "found the situation unsettling enough to warrant a prompt replacement."

The reservation website struggled under demand as well. By mid-morning, more than 97,000 customers were queued for reservations.

At major airports like Incheon, SK Telecom expanded roaming center staffing by 50 percent and pledged that even if customers missed replacement opportunities before departing, the company would be liable for any subsequent overseas fraud involving cloned USIM cards.

Currently, SK Telecom holds around one million USIM cards, with plans to secure five million more by late May. Given the scale, shortages are expected to persist for weeks.

Expert's assurance amid anxiety

Amid these mounting anxieties from customers, cybersecurity professor Kim Seung-joo of Korea University told The Korea Herald that replacing the UICC smart card containing the USIM application resets the crucial IMSI and K values, neutralizing the impact of the leaked data.

"When you replace your USIM card, the identifiers are regenerated. You can rest assured after replacement," Kim said.

He confirmed that SK Telecom’s USIM Protection Service also provides strong interim protection by blocking cloned cards from accessing the network. "Enroll in the service first if necessary, and replace the USIM card later when the rush subsides," he advised.

Kim also confirmed that leaked USIM card data alone cannot directly lead to bank account theft.

Still, concerns flared Monday after a report that a SK Telecom user in Busan lost 50 million won ($34,700) following sudden service suspension and unauthorized account transfers. Authorities, however, found the case was not linked to the USIM breach, but to a smishing attack, in which the victim had clicked a phishing link disguised as a funeral notice.

The Ministry of Science and ICT confirmed, "This incident is unrelated to the SK Telecom server hack." SKT said it is cooperating with the ongoing police investigation.


mjh@heraldcorp.com