SIM Swap Fraud in Korea: After the SKT Breach, Here's How to Protect Your Phone Number
SKT's 23.24 million USIM data breach and record $100M fine exposed Korea's SIM swap vulnerability. Learn how SIM swapping works and the essential security steps to take now.
SIM Swap Fraud in Korea: When Your Phone Number Gets Hijacked
In April 2025, SK Telecom suffered the largest telecom data breach in Korean history — 23.24 million subscribers' USIM data was leaked. SKT was hit with a record-breaking fine of 134.8 billion KRW (approximately $100 million USD). The same year, KT was compromised through a femtocell (micro base station) hack causing 240 million KRW in financial damages, and LG U+ suffered a separate server breach.
This unprecedented situation — all three Korean telecoms hacked in the same year — exposed the fundamental vulnerability of SMS-based authentication.
What Is SIM Swapping?
SIM swapping is an attack where a fraudster duplicates your USIM or transfers your phone number to their SIM card, effectively hijacking your mobile identity.
How the Attack Works
- Attacker collects victim's personal information (from data breaches, social engineering)
- Contacts the telecom carrier posing as the victim — requests USIM reissue or number porting
- Victim's phone number transfers to the attacker's device
- Attacker receives all SMS verification codes meant for the victim
- Attacker accesses banking, crypto, email — any service using SMS verification
What SIM Swappers Can Steal
| Target | Risk |
|---|---|
| Bank accounts | Intercept OTP/SMS verification → transfer funds |
| Crypto exchanges | Access Upbit, Bithumb → steal cryptocurrency |
| Password reset → cascade to all connected accounts | |
| Messaging apps | Account takeover → impersonate victim for scams |
| Mobile payments | KakaoPay, Toss → fraudulent transactions |
The 2025 Korean Telecom Breach Timeline
| Carrier | Incident | Impact |
|---|---|---|
| SKT | USIM data leak | 23.24M subscribers, record 134.8B KRW fine |
| KT | Femtocell hack | Illegal micro base stations intercepted communications, 240M KRW financial damage |
| LGU+ | Server breach | Subscriber personal data exposed |
How to Protect Yourself
1. Enroll in USIM Protection Service
After the SKT breach, all three carriers now offer free USIM protection services:
| Carrier | Service | How to Enroll |
|---|---|---|
| SKT | USIM Protection | T World app or retail store |
| KT | USIM Lock | My KT app or retail store |
| LGU+ | USIM Protection | U+ app or retail store |
This prevents unauthorized USIM duplication or number porting.
2. Block Non-Face-to-Face Account Changes
Request your carrier to require in-person verification for any USIM reissue or number porting. This eliminates remote SIM swap attacks entirely.
3. Enable PASS App Login Alerts
Turn on login notifications in the PASS app to receive immediate alerts when someone attempts to authenticate using your identity.
4. Reduce SMS Authentication Dependency
| Auth Method | Security Level | Details |
|---|---|---|
| SMS verification | ⚠️ Vulnerable | Completely exposed to SIM swap |
| TOTP app | ✅ Secure | Google Authenticator, Microsoft Authenticator |
| Hardware key | ✅✅ Very secure | YubiKey, physical security keys |
| Biometric | ✅ Secure | Fingerprint, face recognition |
5. Additional Financial Safeguards
- Lower transfer limits in banking apps
- Enable delayed transfer (30-minute hold on large transfers)
- Set up withdrawal whitelists on crypto exchanges
Warning Signs of a SIM Swap Attack
Your phone suddenly shows "No Service"? This is the first signal. Act immediately:
| Step | Action |
|---|---|
| 1 | Contact your carrier via Wi-Fi or visit a store |
| 2 | Freeze all financial accounts |
| 3 | Report to police (112) |
| 4 | Change passwords for email, banking, and crypto |
| 5 | Check your PASS app for unauthorized phone lines |
Storing Backup Authentication Codes Safely
To prepare for a SIM swap scenario, you need to securely store your 2FA backup codes, crypto recovery phrases, and account recovery keys. Storing them in your phone's notes app or chat messages means they'll be compromised along with your phone.
Use LOCK.PUB's encrypted memo to store these critical backup codes behind a password:
| What to Store | Examples |
|---|---|
| 2FA backup codes | Google Authenticator recovery codes |
| Crypto recovery phrases | 12/24-word seed phrases |
| Email recovery info | Backup email addresses, recovery phone numbers |
| Carrier emergency numbers | SKT 114, KT 100, LGU+ 101 |
| Bank fraud hotlines | Your primary bank's emergency number |
Set an easy-to-remember password and share it with a trusted family member for emergencies.
Key Takeaways
The 2025 Korean telecom breaches revealed the structural weakness of a society where phone numbers equal identity. Enroll in USIM protection, block remote account changes, reduce SMS dependency, and store your backup authentication data securely with LOCK.PUB.
Protecting your phone number means protecting your entire digital life.
Keywords
You might also like
Identity Theft in South Korea: Massive 2025 Data Breaches and How to Protect Yourself
Coupang leaked 33.7M accounts. All three Korean telecoms were hacked. Learn how to check if your data was exposed, freeze your credit, and prevent identity theft in Korea.
Android Malware Scam in Singapore: 128+ Cases, S$2.4M Lost — How APK Files Drain Your Bank Account
Since February 2025, Android malware scams have cost Singaporeans S$2.4M. Learn how malicious APK files steal banking credentials and how to protect yourself.
Children's Online Safety in Singapore: A Parent's Complete Guide for 2026
Everything Singapore parents need to know about keeping children safe online — screen time guidelines, parental controls, new regulations, and practical tools.
Create your password-protected link now
Create password-protected links, secret memos, and encrypted chats for free.
Get Started Free