Samsung Confirms Hackers Compromised Customer Data – Report

Samsung Electronics has reportedly begun notifying some customers of its UK store of a data breach that exposed their personal information to an unauthorised individual.

Bleeping Computer reported that a cyberattack resulted in a data breach that impacted customers who made purchases from the Samsung UK online store between 1 July 2019 and 30 June 2020.

Samsung has experienced a number of other security issues in recent years. In early 2020, Samsung UK admitted that a rogue alert sent out in its Find My Mobile app resulted in some users seeing other people’s data.

Data breach

Then in March 2022 Samsung confirmed it had suffered a security breach after the hacking group Lapsus$ posted online a 190 GB dump of data mined from Samsung Electronics, which is said to have included company data and even some source code of its Galaxy devices.

But now Bleeping Computer has reported that a cyberattack has exposed customer data of some people who used Samsung UK’s website in an eleven-month period between July 2019 and June 2020.

Samsung discovered the data breach this week and determined that it was the result of a hacker exploiting a vulnerability in a third-party application the company used.

No details have been provided about the security issue that was utilised in the attack or the vulnerable application that enabled the attacker to access Samsung customers’ personal information, Bleeping Computer reported.

The notification to customers reportedly says that exposed data may include names, phone numbers, postal and email addresses.

The good news is that it seems no financial information has been exposed.

A Samsung spokesperson told Bleeping Computer that the company was recently alerted to a cybersecurity incident that is limited to the UK region and does not affect data belonging to customers in the US, employees, or retailers.

“We were recently alerted to a cybersecurity incident, which resulted in certain contact information of some Samsung UK e-store customers being unlawfully obtained,” the Samsung spokesperson told Bleeping Computer. “No financial data, such as bank or credit card details, or customer passwords, were impacted. The incident is limited to the UK and does not affect US customers, employees or retailer data”.

The company has taken all necessary steps to address the security issue, the representative told Bleeping Computer, adding that the incident has also been reported to the UK’s Information Commissioner’s Office.

Supply chain vulnerability?

Muhammad Yahya Patel, lead security engineer at Check Point Software, said the Samsung breach highlights why there is such concern surrounding third-party access to a system.

“The supply chain is notoriously difficult to fully secure, particularly when chains of suppliers are involved,” said Muhammad Yahya Patel, lead security engineer at Check Point Software. “That is why it is so important that organisations actively monitor third-party access on the network to spot security gaps and plug them before they become attacks in the wild.”

“It also serves as yet another reminder for consumers to keep their own security in check,” said Yahya Patel. “It is possible that hackers may leverage the stolen information to launch phishing attacks in the future using the Samsung brand as a lure.”

“At this time of year, with the shopping season about to start, it is important that people scrutinise any emails they receive and adopt caution about too good to be true promotions or offers,” Yahya Patel concluded.

User awareness

Meanwhile, Javvad Malik, lead security awareness advocate at KnowBe4, said this latest breach highlights the need for user awareness training.

“Data breaches can have significant consequences, particularly with large organisations which hold hundreds of thousands of individual records,” said Malik.

“It’s good that Samsung has responded and notified customers in a timely manner,” said Malik. “Although it’s concerning that a vulnerability in a third-party application was exploited, it’s a reminder for organisations to thoroughly assess and secure their entire digital supply chain.”

“Additionally, customers should remain vigilant against potential phishing attempts or scams that may arise as a result of this breach,” said Malik. “While the focus is on the fact that no financial information was compromised, often times personal information can be more valuable to criminals as they can use the information repeatedly to attack individuals.”

“Which is why continued user awareness training is key, because as long as breaches continue to occur, individuals will remain the primary target of attack,” Malik concluded.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
