South Korea orders SK Telecom to pay 100,000 Won to each user after nationwide data breach

South Korea’s state-run consumer watchdog has ordered SK Telecom Co., the country’s largest mobile carrier, to compensate users with 100,000 won each after a massive data breach earlier this year exposed the personal information of all 23 million subscribers.

The Korea Consumer Agency announced Sunday that it reached the decision through a dispute mediation process initiated by 58 customers in May. The agency concluded that the April hacking incident caused tangible harm to consumers and that SK Telecom bears responsibility for compensating individual users.

The breach involved the leak of universal subscriber identity module data from SK Telecom’s servers. The company disclosed the incident weeks after it occurred, offered free USIM replacements to all subscribers, and came under investigation by multiple regulators. In August, the Personal Information Protection Commission imposed a record administrative fine of 134.8 billion won on the company.

The compensation package ordered by the consumer agency consists of a 50,000 won reduction in monthly mobile service fees and 50,000 won in credits usable as cash equivalents, bringing the total to 100,000 won per person. The agency said that if SK Telecom accepts the ruling within 15 days of receiving formal notice, it will move to extend compensation to users who did not take part in the mediation process.

With approximately 23 million users affected, the total payout could reach about 2.3 trillion won, or roughly $1.5 billion. That figure exceeds SK Telecom’s 2024 net profit of 1.43 trillion won and represents about 13 percent of its annual sales of 17.94 trillion won.

The consumer agency said its decision was based on findings from a joint government and private-sector investigation completed in July, as well as disciplinary action taken by the privacy regulator in August. The agency stated that the data leak resulted from hacking of the company’s systems and that SK Telecom is responsible for the resulting damage.

SK Telecom said it will review the ruling and make a prudent decision. The company has already spent more than 1 trillion won on compensation measures and cybersecurity upgrades following the breach and faces a separate legal deadline in mid-January to challenge the privacy regulator’s fine.