SK Telecom Malware Breach Lasted 3 Years, Exposed 27 Million Phone Numbers

SK Telecom’s malware breach exposed 27 million phone numbers over three years via a supply chain attack targeting its security affiliate SK Shieldus.

    South Korean telecom giant SK Telecom revealed this week that a malware-based data breach exposed over 27 million phone numbers, compromising customer privacy and raising alarms across the cybersecurity community. The breach reportedly lasted for more than three years, targeting systems at SK Shieldus, a security affiliate spun off from SK Telecom in 2021.

    The attack was first uncovered by South Korea’s Ministry of Science and ICT, which announced that between May 2021 and early 2024, malware was silently extracting mobile phone numbers from SK Shieldus security software installed at hundreds of corporate clients. Authorities described it as a long-running supply chain attack that went undetected for years.

    SK Telecom and SK Shieldus both issued public apologies after the breach was disclosed. The affected software, used by approximately 90 customer organizations, had been embedded with malicious code that enabled the unauthorized extraction of subscriber data. SK Shieldus clarified that no names, personal IDs, or location data were compromised — only mobile numbers.

    “We take this incident very seriously and deeply regret the inconvenience caused to our customers,” the company said in a formal statement.

    The attackers are believed to have inserted a malicious module during the software packaging process, allowing the malware to be installed alongside legitimate security tools. Investigators discovered that the malware communicated with external command-and-control servers to exfiltrate the phone numbers. South Korean authorities are still working to determine whether nation-state actors or cybercriminal groups were behind the breach.

    The supply chain compromise is particularly alarming given that SK Shieldus provides endpoint protection and other security services. The breach has reignited concerns about software integrity, zero-trust architecture, and the risks posed by malicious insider access or unsecured build environments in the telecom and security sectors.

    South Korean authorities confirmed that all impacted customer environments have been cleaned and that steps are underway to improve code auditing, endpoint monitoring, and malware detection. New guidelines for critical software providers are also being drafted to prevent similar incidents in the future.

    This breach mirrors other high-profile cases where malware backdoors were introduced through trusted software pipelines. The incident has once again emphasized the importance of supply chain security, threat detection, and cyber resilience in telecom infrastructure.
