SK Telecom Co., Ltd. was ordered by South Korea’s consumer agency to compensate 58 users who filed a class‑action lawsuit over the company’s April 18 2025 data breach. The order requires the carrier to pay each victim 100,000 won—split into a 50,000‑won discount on future telecommunications fees and 50,000 T‑Plus points—bringing the total direct payout to 5.8 million won.
The breach, which exposed the personal information of roughly 27 million subscribers, was discovered on April 18 2025 after malware identified as BPFDoor was found on SK Telecom’s servers. While the fine imposed by the Personal Information Protection Commission was 134.8 billion won, the consumer agency’s order adds a new liability that could reach up to 2.3 trillion won if the company were to extend compensation to all affected users. The fine and potential payout underscore the severity of the security failure and the regulatory expectation that SK Telecom take remedial action.
The financial impact extends beyond the direct compensation. In the second quarter of 2025, SK Telecom reported a 250 billion‑won one‑time expense related to SIM replacements and store‑based compensation, which contributed to a sharp decline in quarterly profit. The breach also triggered a record customer exodus, with nearly one million subscribers switching carriers in May 2025 alone—a 77 % jump over the typical monthly average. In July 2025, the company lowered its annual revenue guidance, citing the combined effect of churn and the cost of remediation.
Management has acknowledged the breach’s damage to customer trust, stating that SK Telecom “carries heavy responsibility” and will “closely review the ruling in detail.” The company has also pledged to make personal data protection a core value in all business activities, signaling a shift toward stronger security governance. The order is a clear signal that regulators will not tolerate lax data protection, and it may prompt other Korean telecoms to accelerate their own security upgrades.
The consumer agency’s decision reflects broader regulatory tightening in South Korea, where the Personal Information Protection Commission is moving to make ISMS‑P certification mandatory for key systems. SK Telecom’s experience illustrates the high cost of non‑compliance and the importance of proactive security measures in an industry where customer loyalty is fragile and competition is intense. The order is likely to influence investor expectations about SK Telecom’s future profitability and risk profile.
The content on BeyondSPX is for informational purposes only and should not be construed as financial or investment advice. We are not financial advisors. Consult with a qualified professional before making any investment decisions. Any actions you take based on information from this site are solely at your own risk.