Cybersecurity News that Matters


[Weekend Briefing] Exodus

Illustration by Areum Hwang, The Readable

by Dain Oh

May. 23, 2025
8:19 PM GMT+9

“Weekend Briefing” is a weekly newsletter sent to subscribers of The Readable every Friday.


This is Dain Oh reporting from South Korea, and here is your weekend briefing.

1. SK Telecom data breach triggers mass exodus and regulatory backlash – The Readable

SK Telecom suffered one of South Korea’s most serious cybersecurity breaches: a massive data breach that began in June 2022 and was only uncovered in April 2025. A joint investigation revealed that 26 million users’ personal data was compromised through 25 types of malware deployed across 23 servers. The leaked data included names, birthdates, phone numbers, email addresses, and approximately 292,000 IMEIs—International Mobile Equipment Identity numbers, which uniquely identify individual mobile devices and can be exploited for activities such as phone cloning or fraudulent tracking.

Following the public disclosure, SK Telecom experienced a rapid loss of subscribers. According to multiple local news outlets, over 34,000 users switched carriers on the first day the company offered free SIM replacements, with the total exceeding 70,000 within two days. As of May 21, 2025, the cumulative subscriber loss reached approximately 395,517, equivalent to a decade’s worth of customer growth according to company records. This exodus also affected SK Telink and other budget mobile service providers using SK Telecom’s network, which saw a decline of around 44,000 subscribers during the same period.

In response, SK Telecom initiated a large-scale SIM card replacement program, with over 3.54 million SIM cards replaced and 187,000 users completing SIM reconfiguration by May 21. The company aims to achieve a 50% replacement rate by the end of May.

The incident sparked major controversy over SK Telecom’s delayed disclosure and inadequate data protection measures. South Korea’s Personal Information Protection Commission (PIPC) launched an investigation into potential legal violations, including short log retention periods and lack of encryption.

  • Related article: SK Telecom hacking incident raises concerns over USIM security

2. Legal aid hack: data from hundreds of thousands of people accessed, says MoJ – The Guardian

A major cyberattack on the Legal Aid Agency (LAA) in England and Wales exposed personal data of legal aid applicants dating back to 2010, including criminal records and financial details. Authorities believe a criminal gang was responsible and estimate up to 2.1 million records may have been accessed.

The Ministry of Justice admitted longstanding vulnerabilities in the LAA’s IT systems and has taken the compromised digital services offline, implementing temporary alternatives while building a secure replacement.

Legal professionals have criticized the outdated infrastructure, warning the breach could lead to blackmail, especially for individuals whose legal matters were previously confidential.

3. Supplier to major supermarkets hit by cyberattack – BBC

U.K. logistics firm Peter Green Chilled, which supplies major supermarkets like Tesco, Sainsbury’s, and Aldi, has suffered a ransomware attack. The firm confirmed the incident began Wednesday evening and has disrupted order processing, though transport operations have continued.

The attack highlights the cybersecurity vulnerabilities of smaller distributors compared to larger players, which have greater resources for protection. Industry experts noted a sharp rise in ransomware attacks across the food distribution sector, with hackers targeting critical supply chain points to pressure companies into paying ransoms.

Cybersecurity officials warn such attacks are often underreported due to reputational risks and the possibility of external interventions. Recent attacks on Co-op and Marks & Spencer underline the broader trend of rising cyber threats across both major retailers and their supply chain partners.

4. US and European authorities crack down on hacking tool used by cybercriminals worldwide – CNN

U.S. and European authorities have dismantled Lumma, a widely used hacking tool involved in global ransomware attacks, financial theft and data breaches. The U.S. Justice Department seized servers used by hackers, while Microsoft disabled 2,300 related web domains, affecting a criminal operation that infected nearly 400,000 Windows systems globally.

Lumma was used to target airlines, universities, banks, hospitals and government agencies, causing significant damage—including $36.5 million in credit card fraud in 2023. The tool’s developer is believed to be based in Russia and has been selling access via Telegram and Russian-language forums, though legal action against him is complicated by jurisdictional barriers and lack of extradition cooperation.

The crackdown involved a coalition of law enforcement and private sector partners from the U.S., Europe and Japan. Authorities emphasized that even when key perpetrators can’t be prosecuted, disrupting the infrastructure and trust within the cybercriminal ecosystem is a powerful strategy to protect victims.

5. 19-year-old accused of largest child data breach in U.S. agrees to plead guilty to federal charges – NBC News

A 19-year-old Massachusetts man, Matthew Lane, has agreed to plead guilty to hacking PowerSchool, a leading U.S. education technology company, and stealing the personal information of 62 million schoolchildren. This breach is believed to be the largest known theft of American children’s data, exposing names, addresses, birthdates, Social Security numbers and medical details.

Lane gained access using a stolen employee login, according to court documents. He faces over nine years in prison under a plea deal that includes charges of unauthorized access to a protected computer and aggravated identity theft. Although Lane was not explicitly linked to the extortion, PowerSchool received a $2.85 million ransom demand and later discovered hackers had sent extortion emails to schools in Canada and North Carolina using the stolen data.

The case highlights growing cybersecurity risks in the education sector, where digital platforms like PowerSchool have expanded rapidly since the pandemic. Despite paying for a video of hackers claiming to delete the data, PowerSchool confirmed in May that the same stolen information continues to be used in criminal activity, calling it a painful re-victimization of their customers.

6. Alabama Man Gets 14 Months for Hacking SEC’s X Account With SIM-Swap Scheme – PCMag

Eric Council Jr., a 26-year-old from Alabama, has been sentenced to 14 months in prison for hacking the U.S. Securities and Exchange Commission’s (SEC) X account in 2024. He used a SIM swap attack to hijack a staff member’s phone number, gained access to the @SECGov account, and posted false information claiming that bitcoin ETFs had been approved. This fake announcement briefly spiked bitcoin’s value by $1,000, allowing Council and his co-conspirators to profit through trading.

To execute the hack, Council forged a physical ID and impersonated the victim at an AT&T store to activate a new phone tied to the victim’s number. He then used this to intercept password reset codes and access the SEC’s social media. The bitcoin price later dropped by over $2,000 after the SEC corrected the false claim.

Authorities linked Council to the crime through internet search history and device evidence. He allegedly earned around $50,000 from the scheme. The case underscores ongoing threats from social media hacks spreading fake crypto news, a tactic increasingly used against high-profile accounts to manipulate markets.

7. Advisory: Russian GRU targeting Western logistics entities and technology companies – CISA

A coalition of Western intelligence and cybersecurity agencies has issued a joint advisory warning about a Russian state-sponsored cyber espionage campaign, led by GRU unit 26165 (aka APT28/Fancy Bear), which has aggressively targeted logistics and technology companies, particularly those involved in delivering aid to Ukraine.

Since 2022, this campaign has used a variety of known cyberattack methods—including password spraying, spearphishing, exploitation of vulnerabilities, and IP camera hijacking—to breach systems across NATO member states and allied nations, such as the U.S., Germany, France, Poland, and Ukraine.

The attackers specifically sought out logistics data such as shipment manifests, departure points, cargo contents, and travel routes, even attempting to access IP cameras near border crossings and transportation hubs to track real-time movements. They also used malware like HEADLACE and MASEPIE, and abused trusted relationships between firms to expand their access.

The report provides detailed indicators of compromise (IOCs), targeted sectors, and technical recommendations for mitigating threats, including adopting Zero Trust architectures, patching known vulnerabilities, limiting VPN access, and monitoring suspicious user behaviors.

8. AI data security: Best practices for securing data used to train & operate AI systems – CISA

A coalition of cybersecurity agencies from the U.S., U.K., Australia, and New Zealand has released guidance emphasizing the importance of securing data throughout the entire AI system lifecycle. The report highlights that data used in AI systems is vulnerable to manipulation at every phase—from initial collection to model deployment—and outlines strategies to prevent security failures.

The report notes that low-cost, low-effort methods like split-view and frontrunning poisoning make even large-scale datasets susceptible to abuse, especially when curators lack control over the original content.

The document recommends robust practices such as tracking data provenance, using encryption and digital signatures, validating metadata, securing storage, and regularly auditing data integrity. It also stresses the need for continuous monitoring and updating of AI models to guard against evolving threats, with a call for greater diligence in managing foundation models and third-party data.
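As an added example (not code from the briefing or from the CISA guidance), the Python sketch below shows one way a dataset curator can apply the provenance and integrity-auditing advice above against the split-view poisoning mentioned in the previous paragraph: pin each URL to the content digest observed at curation time, authenticate the manifest, and flag any entry whose content changed or vanished before it reaches training. The URLs, sample bytes and curator key are constructed placeholders, and the HMAC stands in for the digital signature the guidance recommends.

```python
import hashlib
import hmac
import json

# Constructed sample: the content the curator saw when the index was built.
CURATED = {
    "https://example.invalid/img/0001.jpg": b"cat picture bytes v1",
    "https://example.invalid/img/0002.jpg": b"dog picture bytes v1",
    "https://example.invalid/txt/0003.txt": b"benign caption",
}
CURATOR_KEY = b"example-curator-key"  # hypothetical; stands in for a signing key

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_manifest(samples: dict, key: bytes) -> dict:
    """Pin every URL to its curation-time digest and MAC the whole index."""
    entries = {url: sha256_hex(data) for url, data in sorted(samples.items())}
    body = json.dumps(entries, sort_keys=True).encode()
    return {"entries": entries, "mac": hmac.new(key, body, "sha256").hexdigest()}

def verify_download(manifest: dict, fetched: dict, key: bytes) -> dict:
    """Report a tampered index, drifted content (split-view) and missing URLs."""
    body = json.dumps(manifest["entries"], sort_keys=True).encode()
    expected = hmac.new(key, body, "sha256").hexdigest()
    if not hmac.compare_digest(expected, manifest["mac"]):
        return {"manifest_ok": False, "drifted": [], "missing": []}
    drifted, missing = [], []
    for url, digest in manifest["entries"].items():
        if url not in fetched:
            missing.append(url)
        elif not hmac.compare_digest(sha256_hex(fetched[url]), digest):
            drifted.append(url)
    return {"manifest_ok": True, "drifted": drifted, "missing": missing}

# Constructed later fetch: one file was replaced after curation, one vanished.
# Both are rejected instead of silently entering the training set.
LATER_FETCH = {
    "https://example.invalid/img/0001.jpg": b"cat picture bytes v1",
    "https://example.invalid/img/0002.jpg": b"poisoned replacement",
}

def demo() -> dict:
    manifest = build_manifest(CURATED, CURATOR_KEY)
    return verify_download(manifest, LATER_FETCH, CURATOR_KEY)

if __name__ == "__main__":
    print(demo())
```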


Editor’s note: Each item in this briefing was initially summarized or translated by ChatGPT-4o based on the author’s specific instructions, which included news judgment, fact-checking, and thorough editing before publication.

