Samsung has suffered a knowledge breach. The breach uncovered the non-public info of an unspecified variety of its prospects within the UK. The corporate has already notified prospects probably affected by this safety situation through e mail. The additional plan of action just isn’t identified.
Samsung confirms a knowledge breach within the UK
Based on Samsung’s e mail to prospects, which was shared on X by @KwyjiboUK, a hacker gained unauthorized entry to the corporate’s servers by exploiting a vulnerability in a third-party enterprise app. It didn’t go into element in regards to the app or the vulnerability in query however stated that it makes use of the app to course of purchases made via its online store within the UK.
Samsung additionally didn’t reveal when the breach passed off. The corporate stated it got here to know in regards to the unauthorized entry this Monday, November 13. An inner investigation revealed that the hacker may steal the non-public info of consumers who made a purchase order on the Samsung UK e-shop between July 1, 2019, and June 30, 2020. Affected information included names, telephone numbers, addresses, and e mail addresses.
The Korean agency assured that the breach didn’t expose extra delicate info akin to passwords and monetary info like bank card particulars. Its e mail additionally means that prospects who’ve accounts on the Samsung UK e-shop however didn’t make any buy throughout the specified interval weren’t affected (even when they bought one thing earlier than July 2019 or after June 2020).
— Michael Valentine (@KwyjiboUK) November 15, 2023
The info breach additionally doesn’t seem to have uncovered the non-public info of Samsung prospects exterior the UK. Hopefully, the corporate will publicly report this incident quickly and share extra particulars. We nonetheless haven’t any details about the app and the vulnerability in query. It’s unclear whether or not Samsung or different companies nonetheless use the app and if the vulnerability has been patched.
This isn’t the primary such incident for Samsung this yr
This isn’t the primary information breach Samsung has confirmed this yr. As identified by Cybernews, the corporate reported an identical incident in late July. It uncovered the names, contacts, demographic info, dates of beginning, and product registration information of its prospects.
In March 2022, Samsung confirmed that the infamous hacking and information extortion group Lapsus$ stole confidential info, together with source code for Galaxy smartphones, from its servers. The breach additionally uncovered details about a few of Samsung’s shoppers, together with Qualcomm. Hopefully, the Korean agency is engaged on strengthening its safety programs to forestall related incidents sooner or later.