Data breach costs lead to 90% drop in operating profit at South Korean telecom giant
South Korea’s major mobile carrier, SK Telecom, told shareholders that recovery costs and other losses tied to a data breach earlier this year led to a 90 percent drop in operating profit for the third quarter, highlighting the increasing impact of cyber incidents.
The company posted an operating profit of 48.4 billion won ($34.1 million), down from 493 billion won a year earlier, while sales fell 12.2 percent, according to its earnings report released last week. The loss ended a streak of consecutive quarterly profits stretching back to 2000, local media reported.
The Seoul-based telecom giant said it suspended its third-quarter dividend due to the financial hit but pledged to resume payouts once business conditions stabilize.
SK Telecom said the sharp decline stemmed from compensation and recovery costs following a large-scale cyberattack disclosed in April that exposed the personal data of about 27 million customers. The company traced the breach back to 2022, when attackers infiltrated its network using 25 types of malware that went undetected for nearly three years.
The stolen data included subscriber identity numbers, authentication keys, network activity logs and SIM-stored text messages. In response, regulators imposed a record 134 billion won ($96.5 million) fine and ordered SK Telecom to overhaul its cybersecurity systems. The company also offered to replace the SIM cards of millions of users and suspended new subscriptions for two months.
To rebuild trust, SK Telecom rolled out a 500-billion-won ($349 million) “customer appreciation package” that included rate discounts, free data and vouchers. It also waived contract termination fees and introduced a 50 percent mobile fee discount — measures that increased customer churn and further eroded revenue.
“SK Telecom will prioritize the restoration of customer trust and turn crisis into opportunity,” the company’s chief financial officer, Kim Yang-seob, said in a statement last Thursday.
Another major breach hit South Korean credit card issuer Lotte Card in August, when the company disclosed that hackers had stolen data on three million customers by exploiting a server vulnerability left unpatched since 2017. The intrusion went undetected until a routine server check nearly two weeks after the attackers gained access.
Daryna Antoniuk
is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.