Mere hours ago, a regulator in South Korea fined SK Telecom, the biggest mobile carrier in the country. The imposed financial penalty amounts to 134.8 billion won, which is approximately $97 million when directly converted. What’s more, an additional administrative penalty of 9.6 million won was also imposed.
This is way more than Google’s 2022 fine, ~70 billion won. The search engine giant was fined for gathering personal information without user consent.
Similarly, the reason for the record SK Telecom fine is a massive user data leak. It happened back in April of this year. PIPC Chairperson Ko Hak-soo explained at a press briefing that the committee had reached the decision during a general meeting the previous day.
The breach was first reported by SK Telecom to the PIPC on April 22, after the company detected suspiciously large volumes of data leaving its network on April 18. Following a months-long investigation, regulators confirmed that information belonging to more than 23 million customers had been compromised. The stolen data included phone numbers, international mobile subscriber identity codes, and 23 other types of universal subscriber identity module (USIM) information.
In July, the government declared SK Telecom liable for failing to adequately protect customer information. As part of the response, regulators instructed the company to waive early termination fees for subscribers who chose to switch carriers.
We hope this incident serves as a reminder for companies that process large volumes of personal data to view the personal information protection budgets as an essential investment. We also expect it will raise awareness of the role and importance of CPOs and dedicated privacy teams in corporate management.
– PIPC Chairperson Ko Hak-soo, August 2025
The PIPC said the fines were based on several shortcomings in SK Telecom’s data protection practices, including weak access controls, poor oversight of access rights, failure to encrypt USIM authentication keys, and delayed notification of affected users. Just last month, SK Telecom pledged 700 billion won toward information security initiatives and an additional 500 billion won toward customer protection, alongside its commitment to waive termination fees. Too late?
After the fine was announced, SK Telecom released a statement acknowledging the decision and expressing a sense of responsibility. However, it also expressed disappointment that its protective efforts and explanations were not fully reflected in the outcome. SK Telecom said it will review the PIPC’s written decision. The company has 90 days from receiving the decision to legally challenge the ruling.
Still, the size of the fine has drawn criticism, with some pointing out inconsistencies compared to past cases. Google, for instance, was fined 69.2 billion won in 2022 for using customer data for targeted advertising without consent. Kakao was fined 15.1 billion won over a data leak involving its open chatroom service, while LG Uplus paid 6.8 billion won after a breach similar to SK Telecom’s.
“Iconic Phones” is coming this Fall!
Good news everyone! Over the past year we’ve been working on an exciting passion project of ours and we’re thrilled to announce it will be ready to release in just a few short months.
LEARN MORE AND SIGN UP FOR EARLY BIRD DISCOUNTS HERE
#ATT #Verizon #TMobile #watch #fines #personal #data #leaks #reach #million
