Samsung has suffered a data breach. The breach exposed the personal information of an unspecified number of its customers in the UK. The company has already notified customers potentially affected by this security issue via email. The further course of action is not known.
Samsung confirms a data breach in the UK
According to Samsung’s email to customers, which was shared on X by @KwyjiboUK, a hacker gained unauthorized access to the company’s servers by exploiting a vulnerability in a third-party business app. It didn’t go into detail about the app or the vulnerability in question but said that it uses the app to process purchases made through its online store in the UK.
Samsung also didn’t reveal when the breach took place. The company said it came to know about the unauthorized access this Monday, November 13. An internal investigation revealed that the hacker could steal the personal information of customers who made a purchase on the Samsung UK e-shop between July 1, 2019, and June 30, 2020. Affected data included names, phone numbers, addresses, and email addresses.
The Korean firm assured that the breach didn’t expose more sensitive information such as passwords and financial information like credit card details. Its email also suggests that customers who have accounts on the Samsung UK e-shop but didn’t make any purchase during the specified period weren’t affected (even if they purchased something before July 2019 or after June 2020).
@troyhunt another dataset to keep your eyes open for 🙄 pic.twitter.com/VwNCd1nUF1
— Michael Valentine (@KwyjiboUK) November 15, 2023
The data breach also doesn’t appear to have exposed the personal information of Samsung customers outside the UK. Hopefully, the company will publicly report this incident soon and share more details. We still have no information about the app and the vulnerability in question. It is unclear whether Samsung or other firms still use the app and if the vulnerability has been patched.
This isn’t the first such incident for Samsung this year
This isn’t the first data breach Samsung has confirmed this year. As pointed out by Cybernews, the company reported a similar incident in late July. It exposed the names, contacts, demographic information, dates of birth, and product registration data of its customers.
In March 2022, Samsung confirmed that the notorious hacking and data extortion group Lapsus$ stole confidential information, including source code for Galaxy smartphones, from its servers. The breach also exposed information about some of Samsung’s clients, including Qualcomm. Hopefully, the Korean firm is working on strengthening its security systems to prevent similar incidents in the future.