SK Telecom is facing a dual burden of responding not only to a personal data leak incident but also to false claims of leaks. Recently, posts suggesting that SK Telecom customer information is being sold have appeared one after another on the dark web. But industry officials say it is more likely that the information is not actual leaked data but fake personal data samples assembled using artificial intelligence (AI) or automation tools.
The problem is that a "leak impersonation scam" exploiting corporations' names is spreading, taking advantage of rising consumer anxiety. As a result, corporations' security risks are expanding beyond incident containment to reputational damage, a surge in customer inquiries, and blocking secondary harm. As real leaks are exploited as tools for cybercriminals to impersonate, the scope of corporate crisis response is widening.
According to industry officials on the 30th, on the 26th posts appeared on the dark web and social media (SNS) suggesting "selling 21 million SK Telecom customer records." The poster claimed the data included customer IDs, names, phone numbers, emails, addresses, dates of birth, and sign-up dates. Some posts reportedly included threatening language implying that if SK Telecom did not respond, customer data or administrator access would be exposed.
However, SK Telecom drew a line, saying this is not an actual customer information leak. The company's internal red team, composed of white-hat hackers, independently verified the posts and sample data. An SK Telecom official said, "We have confirmed that claims of a customer data leak are groundless."
The security industry also views these posts as closer to a "leak impersonation scam" than a real breach. Items that look like names, phone numbers, emails, addresses, and sign-up dates can be assembled relatively easily with Generative AI or automation tools. On the surface, it may look like part of a customer databases extract, but a closer look often reveals non-existent addresses, repetitive email formats, overly regular phone number patterns, and field structures that do not match actual internal systems at corporations.
The problem is that SK Telecom experienced a USIM information leak. Because there was an actual incident, even a claim of "additional leaks" inevitably heightens consumer anxiety. This is exactly what criminals target. Even without a complete customer databases, a company name, a few sample lines, a Telegram chat room, and a file listing screen can make it look like a massive leak. It becomes a money-making scheme even without real data.
False claims of data sales targeting SK Telecom have surfaced before. In Sep. last year, a group posing as an international hacking organization claimed on Telegram that it had stolen 27 million SK Telecom customer records. However, SK Telecom countered that an analysis of the sample data, website captures, and FTP screens at the time showed websites that did not exist at the company, and it was difficult to see the information as having been leaked from actual SK Telecom systems.
In the past, the key was to confirm whether there was an actual breach and the scale of the leak. Now, false leak claims must also be verified quickly. The longer verification takes, the more likely false claims are to spread as if they were real damage.
Secondary harm to consumers must also be guarded against. The sales posts themselves may be false, but phishing and smishing using them as bait can cause real damage. Attackers can induce link clicks or additional data entry with messages such as "Your personal information has been leaked," "Identity verification is required," or "Security measures must be taken." Right after an actual leak, consumers' anxiety and vigilance rise at the same time, increasing the likelihood they will be swayed by such messages.
This case shows that the aftershocks of a personal data leak do not end with a single hack. Once a real incident occurs, fake data sales, misuse of a company's name, threatening messages, and phishing attempts pile on. As AI and automation tools lower the expense of creating fake personal data samples, corporations now have to check not only "what was actually leaked" but also "what was manipulated to look leaked." An IT industry official said, "The scope of corporate security is expanding from responding to actual breaches to blocking false leak claims and managing consumer anxiety."