SK Telecom, a Korean telecommunications operator, announced on April 20th that their users’ universal subscriber identity module (USIM) information was leaked through malicious code. The company first detected abnormal activities on April 18th and identified the actual data breach on the 19th. However, it only reported the incident to the Korea Internet & Security Agency (KISA) on the 20th, failing to comply with its obligation to report a breach within 24 hours of becoming aware of such a case. The information that has been leaked consists of mobile phone numbers, international mobile subscriber identity (IMSI) data, and other information related to the USIM. This is key personal information that can be used for illegal USIM replication, meaning hackers could abuse it for SIM swapping and commit financial fraud. 9.7GB of data was said to have been leaked, and the information of 25 million subscribers, including SK Telecom users and those who use its Mobile Virtual Network Operator (MVNO) plans, may have been exposed. In response, SK Telecom recommended that its users subscribe to the free USIM Protection Service, which blocks access from unauthorized devices, and eventually implemented an automatic enrollment system for it. The company emphasized that it would take full responsibility for damages resulting from the leak, and offered free USIM replacements to all users. In the following days, long queues formed in front of SK Telecom retail stores, as people waited for replacements. However, the initial 1 million stock were insufficient, causing further delays than expected.