Share this article on:
Breaking news and updates daily. Subscribe to our Newsletter
Korean technology giant Samsung has announced that it has been impacted by a cyber attack, resulting in the personal data of some of its UK customers being exposed.
The breach was discovered on 13 November, with Samsung concluding that it was the result of an unauthorised user accessing the company’s systems through a vulnerability in a third-party application.
In a notification to its customers, the company said that the attack resulted in “some personal information of certain customers” being exposed.
“Based on our investigation, we have identified that the affected data may have included your name, phone number, address and email address,” the company said.
“We want to assure you that the issue did not impact your password or financial information.”
Samsung added that the affected customers were limited to those who made purchases on the company’s e-commerce site between 1 July 2019 and 30 June 2020.
Samsung has said that it has alerted the UK’s Information Commissioner’s Office and has engaged measures to address the vulnerability and mitigate the impact of the attack.
A spokesperson speaking with BleepingComputer confirmed that customers outside the UK were not affected by the breach.
“We were recently alerted to a cyber security incident, which resulted in certain contact information of some Samsung UK e-store customers being unlawfully obtained,” the spokesperson said.
“No financial data, such as bank or credit card details, or customer passwords, were impacted. The incident is limited to the UK and does not affect US customers, employees or retailer data.”
It is currently unknown who was behind the breach nor the intentions of the threat actor or the name of the vulnerable third-party app.
Samsung has suffered data breaches before, having been attacked in March last year, when the Lapsus$ hacking group stole and leaked 190 gigabytes of confidential internal data, including source code for Samsung’s Galaxy smartphones.
Only months later, the company was attacked again in July, resulting in customer names, contacts, birth dates, demographic information and product registration data being stolen.
Comments powered by CComment